]> git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/blob - fs/cifs/connect.c
projects / mirror_ubuntu-bionic-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
cifs: reinstate sharing of SMB sessions sans races
[mirror_ubuntu-bionic-kernel.git] / fs / cifs / connect.c
1 /*
2 * fs/cifs/connect.c
3 *
4 * Copyright (C) International Business Machines Corp., 2002,2008
5 * Author(s): Steve French (sfrench@us.ibm.com)
6 *
7 * This library is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU Lesser General Public License as published
9 * by the Free Software Foundation; either version 2.1 of the License, or
10 * (at your option) any later version.
11 *
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See
15 * the GNU Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public License
18 * along with this library; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 */
21 #include <linux/fs.h>
22 #include <linux/net.h>
23 #include <linux/string.h>
24 #include <linux/list.h>
25 #include <linux/wait.h>
26 #include <linux/ipv6.h>
27 #include <linux/pagemap.h>
28 #include <linux/ctype.h>
29 #include <linux/utsname.h>
30 #include <linux/mempool.h>
31 #include <linux/delay.h>
32 #include <linux/completion.h>
33 #include <linux/kthread.h>
34 #include <linux/pagevec.h>
35 #include <linux/freezer.h>
36 #include <asm/uaccess.h>
37 #include <asm/processor.h>
38 #include "cifspdu.h"
39 #include "cifsglob.h"
40 #include "cifsproto.h"
41 #include "cifs_unicode.h"
42 #include "cifs_debug.h"
43 #include "cifs_fs_sb.h"
44 #include "ntlmssp.h"
45 #include "nterr.h"
46 #include "rfc1002pdu.h"
47 #include "cn_cifs.h"
48
49 #define CIFS_PORT 445
50 #define RFC1001_PORT 139
51
52 extern void SMBNTencrypt(unsigned char *passwd, unsigned char *c8,
53 unsigned char *p24);
54
55 extern mempool_t *cifs_req_poolp;
56
57 struct smb_vol {
58 char *username;
59 char *password;
60 char *domainname;
61 char *UNC;
62 char *UNCip;
63 char *in6_addr; /* ipv6 address as human readable form of in6_addr */
64 char *iocharset; /* local code page for mapping to and from Unicode */
65 char source_rfc1001_name[16]; /* netbios name of client */
66 char target_rfc1001_name[16]; /* netbios name of server for Win9x/ME */
67 uid_t linux_uid;
68 gid_t linux_gid;
69 mode_t file_mode;
70 mode_t dir_mode;
71 unsigned secFlg;
72 bool rw:1;
73 bool retry:1;
74 bool intr:1;
75 bool setuids:1;
76 bool override_uid:1;
77 bool override_gid:1;
78 bool dynperm:1;
79 bool noperm:1;
80 bool no_psx_acl:1; /* set if posix acl support should be disabled */
81 bool cifs_acl:1;
82 bool no_xattr:1; /* set if xattr (EA) support should be disabled*/
83 bool server_ino:1; /* use inode numbers from server ie UniqueId */
84 bool direct_io:1;
85 bool remap:1; /* set to remap seven reserved chars in filenames */
86 bool posix_paths:1; /* unset to not ask for posix pathnames. */
87 bool no_linux_ext:1;
88 bool sfu_emul:1;
89 bool nullauth:1; /* attempt to authenticate with null user */
90 bool nocase:1; /* request case insensitive filenames */
91 bool nobrl:1; /* disable sending byte range locks to srv */
92 bool seal:1; /* request transport encryption on share */
93 bool nodfs:1; /* Do not request DFS, even if available */
94 bool local_lease:1; /* check leases only on local system, not remote */
95 bool noblocksnd:1;
96 bool noautotune:1;
97 unsigned int rsize;
98 unsigned int wsize;
99 unsigned int sockopt;
100 unsigned short int port;
101 char *prepath;
102 };
103
104 static int ipv4_connect(struct sockaddr_in *psin_server,
105 struct socket **csocket,
106 char *netb_name,
107 char *server_netb_name,
108 bool noblocksnd,
109 bool nosndbuf); /* ipv6 never set sndbuf size */
110 static int ipv6_connect(struct sockaddr_in6 *psin_server,
111 struct socket **csocket, bool noblocksnd);
112
113
114 /*
115 * cifs tcp session reconnection
116 *
117 * mark tcp session as reconnecting so temporarily locked
118 * mark all smb sessions as reconnecting for tcp session
119 * reconnect tcp session
120 * wake up waiters on reconnection? - (not needed currently)
121 */
122
123 static int
124 cifs_reconnect(struct TCP_Server_Info *server)
125 {
126 int rc = 0;
127 struct list_head *tmp;
128 struct cifsSesInfo *ses;
129 struct cifsTconInfo *tcon;
130 struct mid_q_entry *mid_entry;
131
132 spin_lock(&GlobalMid_Lock);
133 if (server->tcpStatus == CifsExiting) {
134 /* the demux thread will exit normally
135 next time through the loop */
136 spin_unlock(&GlobalMid_Lock);
137 return rc;
138 } else
139 server->tcpStatus = CifsNeedReconnect;
140 spin_unlock(&GlobalMid_Lock);
141 server->maxBuf = 0;
142
143 cFYI(1, ("Reconnecting tcp session"));
144
145 /* before reconnecting the tcp session, mark the smb session (uid)
146 and the tid bad so they are not used until reconnected */
147 read_lock(&cifs_tcp_ses_lock);
148 list_for_each(tmp, &server->smb_ses_list) {
149 ses = list_entry(tmp, struct cifsSesInfo, smb_ses_list);
150 ses->need_reconnect = true;
151 ses->ipc_tid = 0;
152 }
153 read_unlock(&cifs_tcp_ses_lock);
154 list_for_each(tmp, &GlobalTreeConnectionList) {
155 tcon = list_entry(tmp, struct cifsTconInfo, cifsConnectionList);
156 if ((tcon->ses) && (tcon->ses->server == server))
157 tcon->need_reconnect = true;
158 }
159 /* do not want to be sending data on a socket we are freeing */
160 down(&server->tcpSem);
161 if (server->ssocket) {
162 cFYI(1, ("State: 0x%x Flags: 0x%lx", server->ssocket->state,
163 server->ssocket->flags));
164 kernel_sock_shutdown(server->ssocket, SHUT_WR);
165 cFYI(1, ("Post shutdown state: 0x%x Flags: 0x%lx",
166 server->ssocket->state,
167 server->ssocket->flags));
168 sock_release(server->ssocket);
169 server->ssocket = NULL;
170 }
171
172 spin_lock(&GlobalMid_Lock);
173 list_for_each(tmp, &server->pending_mid_q) {
174 mid_entry = list_entry(tmp, struct
175 mid_q_entry,
176 qhead);
177 if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
178 /* Mark other intransit requests as needing
179 retry so we do not immediately mark the
180 session bad again (ie after we reconnect
181 below) as they timeout too */
182 mid_entry->midState = MID_RETRY_NEEDED;
183 }
184 }
185 spin_unlock(&GlobalMid_Lock);
186 up(&server->tcpSem);
187
188 while ((server->tcpStatus != CifsExiting) &&
189 (server->tcpStatus != CifsGood)) {
190 try_to_freeze();
191 if (server->addr.sockAddr6.sin6_family == AF_INET6) {
192 rc = ipv6_connect(&server->addr.sockAddr6,
193 &server->ssocket, server->noautotune);
194 } else {
195 rc = ipv4_connect(&server->addr.sockAddr,
196 &server->ssocket,
197 server->workstation_RFC1001_name,
198 server->server_RFC1001_name,
199 server->noblocksnd, server->noautotune);
200 }
201 if (rc) {
202 cFYI(1, ("reconnect error %d", rc));
203 msleep(3000);
204 } else {
205 atomic_inc(&tcpSesReconnectCount);
206 spin_lock(&GlobalMid_Lock);
207 if (server->tcpStatus != CifsExiting)
208 server->tcpStatus = CifsGood;
209 server->sequence_number = 0;
210 spin_unlock(&GlobalMid_Lock);
211 /* atomic_set(&server->inFlight,0);*/
212 wake_up(&server->response_q);
213 }
214 }
215 return rc;
216 }
217
218 /*
219 return codes:
220 0 not a transact2, or all data present
221 >0 transact2 with that much data missing
222 -EINVAL = invalid transact2
223
224 */
225 static int check2ndT2(struct smb_hdr *pSMB, unsigned int maxBufSize)
226 {
227 struct smb_t2_rsp *pSMBt;
228 int total_data_size;
229 int data_in_this_rsp;
230 int remaining;
231
232 if (pSMB->Command != SMB_COM_TRANSACTION2)
233 return 0;
234
235 /* check for plausible wct, bcc and t2 data and parm sizes */
236 /* check for parm and data offset going beyond end of smb */
237 if (pSMB->WordCount != 10) { /* coalesce_t2 depends on this */
238 cFYI(1, ("invalid transact2 word count"));
239 return -EINVAL;
240 }
241
242 pSMBt = (struct smb_t2_rsp *)pSMB;
243
244 total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
245 data_in_this_rsp = le16_to_cpu(pSMBt->t2_rsp.DataCount);
246
247 remaining = total_data_size - data_in_this_rsp;
248
249 if (remaining == 0)
250 return 0;
251 else if (remaining < 0) {
252 cFYI(1, ("total data %d smaller than data in frame %d",
253 total_data_size, data_in_this_rsp));
254 return -EINVAL;
255 } else {
256 cFYI(1, ("missing %d bytes from transact2, check next response",
257 remaining));
258 if (total_data_size > maxBufSize) {
259 cERROR(1, ("TotalDataSize %d is over maximum buffer %d",
260 total_data_size, maxBufSize));
261 return -EINVAL;
262 }
263 return remaining;
264 }
265 }
266
267 static int coalesce_t2(struct smb_hdr *psecond, struct smb_hdr *pTargetSMB)
268 {
269 struct smb_t2_rsp *pSMB2 = (struct smb_t2_rsp *)psecond;
270 struct smb_t2_rsp *pSMBt = (struct smb_t2_rsp *)pTargetSMB;
271 int total_data_size;
272 int total_in_buf;
273 int remaining;
274 int total_in_buf2;
275 char *data_area_of_target;
276 char *data_area_of_buf2;
277 __u16 byte_count;
278
279 total_data_size = le16_to_cpu(pSMBt->t2_rsp.TotalDataCount);
280
281 if (total_data_size != le16_to_cpu(pSMB2->t2_rsp.TotalDataCount)) {
282 cFYI(1, ("total data size of primary and secondary t2 differ"));
283 }
284
285 total_in_buf = le16_to_cpu(pSMBt->t2_rsp.DataCount);
286
287 remaining = total_data_size - total_in_buf;
288
289 if (remaining < 0)
290 return -EINVAL;
291
292 if (remaining == 0) /* nothing to do, ignore */
293 return 0;
294
295 total_in_buf2 = le16_to_cpu(pSMB2->t2_rsp.DataCount);
296 if (remaining < total_in_buf2) {
297 cFYI(1, ("transact2 2nd response contains too much data"));
298 }
299
300 /* find end of first SMB data area */
301 data_area_of_target = (char *)&pSMBt->hdr.Protocol +
302 le16_to_cpu(pSMBt->t2_rsp.DataOffset);
303 /* validate target area */
304
305 data_area_of_buf2 = (char *) &pSMB2->hdr.Protocol +
306 le16_to_cpu(pSMB2->t2_rsp.DataOffset);
307
308 data_area_of_target += total_in_buf;
309
310 /* copy second buffer into end of first buffer */
311 memcpy(data_area_of_target, data_area_of_buf2, total_in_buf2);
312 total_in_buf += total_in_buf2;
313 pSMBt->t2_rsp.DataCount = cpu_to_le16(total_in_buf);
314 byte_count = le16_to_cpu(BCC_LE(pTargetSMB));
315 byte_count += total_in_buf2;
316 BCC_LE(pTargetSMB) = cpu_to_le16(byte_count);
317
318 byte_count = pTargetSMB->smb_buf_length;
319 byte_count += total_in_buf2;
320
321 /* BB also add check that we are not beyond maximum buffer size */
322
323 pTargetSMB->smb_buf_length = byte_count;
324
325 if (remaining == total_in_buf2) {
326 cFYI(1, ("found the last secondary response"));
327 return 0; /* we are done */
328 } else /* more responses to go */
329 return 1;
330
331 }
332
333 static int
334 cifs_demultiplex_thread(struct TCP_Server_Info *server)
335 {
336 int length;
337 unsigned int pdu_length, total_read;
338 struct smb_hdr *smb_buffer = NULL;
339 struct smb_hdr *bigbuf = NULL;
340 struct smb_hdr *smallbuf = NULL;
341 struct msghdr smb_msg;
342 struct kvec iov;
343 struct socket *csocket = server->ssocket;
344 struct list_head *tmp;
345 struct cifsSesInfo *ses;
346 struct task_struct *task_to_wake = NULL;
347 struct mid_q_entry *mid_entry;
348 char temp;
349 bool isLargeBuf = false;
350 bool isMultiRsp;
351 int reconnect;
352
353 current->flags |= PF_MEMALLOC;
354 cFYI(1, ("Demultiplex PID: %d", task_pid_nr(current)));
355
356 length = atomic_inc_return(&tcpSesAllocCount);
357 if (length > 1)
358 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
359 GFP_KERNEL);
360
361 set_freezable();
362 while (server->tcpStatus != CifsExiting) {
363 if (try_to_freeze())
364 continue;
365 if (bigbuf == NULL) {
366 bigbuf = cifs_buf_get();
367 if (!bigbuf) {
368 cERROR(1, ("No memory for large SMB response"));
369 msleep(3000);
370 /* retry will check if exiting */
371 continue;
372 }
373 } else if (isLargeBuf) {
374 /* we are reusing a dirty large buf, clear its start */
375 memset(bigbuf, 0, sizeof(struct smb_hdr));
376 }
377
378 if (smallbuf == NULL) {
379 smallbuf = cifs_small_buf_get();
380 if (!smallbuf) {
381 cERROR(1, ("No memory for SMB response"));
382 msleep(1000);
383 /* retry will check if exiting */
384 continue;
385 }
386 /* beginning of smb buffer is cleared in our buf_get */
387 } else /* if existing small buf clear beginning */
388 memset(smallbuf, 0, sizeof(struct smb_hdr));
389
390 isLargeBuf = false;
391 isMultiRsp = false;
392 smb_buffer = smallbuf;
393 iov.iov_base = smb_buffer;
394 iov.iov_len = 4;
395 smb_msg.msg_control = NULL;
396 smb_msg.msg_controllen = 0;
397 pdu_length = 4; /* enough to get RFC1001 header */
398 incomplete_rcv:
399 length =
400 kernel_recvmsg(csocket, &smb_msg,
401 &iov, 1, pdu_length, 0 /* BB other flags? */);
402
403 if (server->tcpStatus == CifsExiting) {
404 break;
405 } else if (server->tcpStatus == CifsNeedReconnect) {
406 cFYI(1, ("Reconnect after server stopped responding"));
407 cifs_reconnect(server);
408 cFYI(1, ("call to reconnect done"));
409 csocket = server->ssocket;
410 continue;
411 } else if ((length == -ERESTARTSYS) || (length == -EAGAIN)) {
412 msleep(1); /* minimum sleep to prevent looping
413 allowing socket to clear and app threads to set
414 tcpStatus CifsNeedReconnect if server hung */
415 if (pdu_length < 4) {
416 iov.iov_base = (4 - pdu_length) +
417 (char *)smb_buffer;
418 iov.iov_len = pdu_length;
419 smb_msg.msg_control = NULL;
420 smb_msg.msg_controllen = 0;
421 goto incomplete_rcv;
422 } else
423 continue;
424 } else if (length <= 0) {
425 if (server->tcpStatus == CifsNew) {
426 cFYI(1, ("tcp session abend after SMBnegprot"));
427 /* some servers kill the TCP session rather than
428 returning an SMB negprot error, in which
429 case reconnecting here is not going to help,
430 and so simply return error to mount */
431 break;
432 }
433 if (!try_to_freeze() && (length == -EINTR)) {
434 cFYI(1, ("cifsd thread killed"));
435 break;
436 }
437 cFYI(1, ("Reconnect after unexpected peek error %d",
438 length));
439 cifs_reconnect(server);
440 csocket = server->ssocket;
441 wake_up(&server->response_q);
442 continue;
443 } else if (length < pdu_length) {
444 cFYI(1, ("requested %d bytes but only got %d bytes",
445 pdu_length, length));
446 pdu_length -= length;
447 msleep(1);
448 goto incomplete_rcv;
449 }
450
451 /* The right amount was read from socket - 4 bytes */
452 /* so we can now interpret the length field */
453
454 /* the first byte big endian of the length field,
455 is actually not part of the length but the type
456 with the most common, zero, as regular data */
457 temp = *((char *) smb_buffer);
458
459 /* Note that FC 1001 length is big endian on the wire,
460 but we convert it here so it is always manipulated
461 as host byte order */
462 pdu_length = be32_to_cpu((__force __be32)smb_buffer->smb_buf_length);
463 smb_buffer->smb_buf_length = pdu_length;
464
465 cFYI(1, ("rfc1002 length 0x%x", pdu_length+4));
466
467 if (temp == (char) RFC1002_SESSION_KEEP_ALIVE) {
468 continue;
469 } else if (temp == (char)RFC1002_POSITIVE_SESSION_RESPONSE) {
470 cFYI(1, ("Good RFC 1002 session rsp"));
471 continue;
472 } else if (temp == (char)RFC1002_NEGATIVE_SESSION_RESPONSE) {
473 /* we get this from Windows 98 instead of
474 an error on SMB negprot response */
475 cFYI(1, ("Negative RFC1002 Session Response Error 0x%x)",
476 pdu_length));
477 if (server->tcpStatus == CifsNew) {
478 /* if nack on negprot (rather than
479 ret of smb negprot error) reconnecting
480 not going to help, ret error to mount */
481 break;
482 } else {
483 /* give server a second to
484 clean up before reconnect attempt */
485 msleep(1000);
486 /* always try 445 first on reconnect
487 since we get NACK on some if we ever
488 connected to port 139 (the NACK is
489 since we do not begin with RFC1001
490 session initialize frame) */
491 server->addr.sockAddr.sin_port =
492 htons(CIFS_PORT);
493 cifs_reconnect(server);
494 csocket = server->ssocket;
495 wake_up(&server->response_q);
496 continue;
497 }
498 } else if (temp != (char) 0) {
499 cERROR(1, ("Unknown RFC 1002 frame"));
500 cifs_dump_mem(" Received Data: ", (char *)smb_buffer,
501 length);
502 cifs_reconnect(server);
503 csocket = server->ssocket;
504 continue;
505 }
506
507 /* else we have an SMB response */
508 if ((pdu_length > CIFSMaxBufSize + MAX_CIFS_HDR_SIZE - 4) ||
509 (pdu_length < sizeof(struct smb_hdr) - 1 - 4)) {
510 cERROR(1, ("Invalid size SMB length %d pdu_length %d",
511 length, pdu_length+4));
512 cifs_reconnect(server);
513 csocket = server->ssocket;
514 wake_up(&server->response_q);
515 continue;
516 }
517
518 /* else length ok */
519 reconnect = 0;
520
521 if (pdu_length > MAX_CIFS_SMALL_BUFFER_SIZE - 4) {
522 isLargeBuf = true;
523 memcpy(bigbuf, smallbuf, 4);
524 smb_buffer = bigbuf;
525 }
526 length = 0;
527 iov.iov_base = 4 + (char *)smb_buffer;
528 iov.iov_len = pdu_length;
529 for (total_read = 0; total_read < pdu_length;
530 total_read += length) {
531 length = kernel_recvmsg(csocket, &smb_msg, &iov, 1,
532 pdu_length - total_read, 0);
533 if ((server->tcpStatus == CifsExiting) ||
534 (length == -EINTR)) {
535 /* then will exit */
536 reconnect = 2;
537 break;
538 } else if (server->tcpStatus == CifsNeedReconnect) {
539 cifs_reconnect(server);
540 csocket = server->ssocket;
541 /* Reconnect wakes up rspns q */
542 /* Now we will reread sock */
543 reconnect = 1;
544 break;
545 } else if ((length == -ERESTARTSYS) ||
546 (length == -EAGAIN)) {
547 msleep(1); /* minimum sleep to prevent looping,
548 allowing socket to clear and app
549 threads to set tcpStatus
550 CifsNeedReconnect if server hung*/
551 length = 0;
552 continue;
553 } else if (length <= 0) {
554 cERROR(1, ("Received no data, expecting %d",
555 pdu_length - total_read));
556 cifs_reconnect(server);
557 csocket = server->ssocket;
558 reconnect = 1;
559 break;
560 }
561 }
562 if (reconnect == 2)
563 break;
564 else if (reconnect == 1)
565 continue;
566
567 length += 4; /* account for rfc1002 hdr */
568
569
570 dump_smb(smb_buffer, length);
571 if (checkSMB(smb_buffer, smb_buffer->Mid, total_read+4)) {
572 cifs_dump_mem("Bad SMB: ", smb_buffer, 48);
573 continue;
574 }
575
576
577 task_to_wake = NULL;
578 spin_lock(&GlobalMid_Lock);
579 list_for_each(tmp, &server->pending_mid_q) {
580 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
581
582 if ((mid_entry->mid == smb_buffer->Mid) &&
583 (mid_entry->midState == MID_REQUEST_SUBMITTED) &&
584 (mid_entry->command == smb_buffer->Command)) {
585 if (check2ndT2(smb_buffer,server->maxBuf) > 0) {
586 /* We have a multipart transact2 resp */
587 isMultiRsp = true;
588 if (mid_entry->resp_buf) {
589 /* merge response - fix up 1st*/
590 if (coalesce_t2(smb_buffer,
591 mid_entry->resp_buf)) {
592 mid_entry->multiRsp =
593 true;
594 break;
595 } else {
596 /* all parts received */
597 mid_entry->multiEnd =
598 true;
599 goto multi_t2_fnd;
600 }
601 } else {
602 if (!isLargeBuf) {
603 cERROR(1,("1st trans2 resp needs bigbuf"));
604 /* BB maybe we can fix this up, switch
605 to already allocated large buffer? */
606 } else {
607 /* Have first buffer */
608 mid_entry->resp_buf =
609 smb_buffer;
610 mid_entry->largeBuf =
611 true;
612 bigbuf = NULL;
613 }
614 }
615 break;
616 }
617 mid_entry->resp_buf = smb_buffer;
618 mid_entry->largeBuf = isLargeBuf;
619 multi_t2_fnd:
620 task_to_wake = mid_entry->tsk;
621 mid_entry->midState = MID_RESPONSE_RECEIVED;
622 #ifdef CONFIG_CIFS_STATS2
623 mid_entry->when_received = jiffies;
624 #endif
625 /* so we do not time out requests to server
626 which is still responding (since server could
627 be busy but not dead) */
628 server->lstrp = jiffies;
629 break;
630 }
631 }
632 spin_unlock(&GlobalMid_Lock);
633 if (task_to_wake) {
634 /* Was previous buf put in mpx struct for multi-rsp? */
635 if (!isMultiRsp) {
636 /* smb buffer will be freed by user thread */
637 if (isLargeBuf)
638 bigbuf = NULL;
639 else
640 smallbuf = NULL;
641 }
642 wake_up_process(task_to_wake);
643 } else if (!is_valid_oplock_break(smb_buffer, server) &&
644 !isMultiRsp) {
645 cERROR(1, ("No task to wake, unknown frame received! "
646 "NumMids %d", midCount.counter));
647 cifs_dump_mem("Received Data is: ", (char *)smb_buffer,
648 sizeof(struct smb_hdr));
649 #ifdef CONFIG_CIFS_DEBUG2
650 cifs_dump_detail(smb_buffer);
651 cifs_dump_mids(server);
652 #endif /* CIFS_DEBUG2 */
653
654 }
655 } /* end while !EXITING */
656
657 /* take it off the list, if it's not already */
658 write_lock(&cifs_tcp_ses_lock);
659 list_del_init(&server->tcp_ses_list);
660 write_unlock(&cifs_tcp_ses_lock);
661
662 spin_lock(&GlobalMid_Lock);
663 server->tcpStatus = CifsExiting;
664 spin_unlock(&GlobalMid_Lock);
665 wake_up_all(&server->response_q);
666
667 /* check if we have blocked requests that need to free */
668 /* Note that cifs_max_pending is normally 50, but
669 can be set at module install time to as little as two */
670 spin_lock(&GlobalMid_Lock);
671 if (atomic_read(&server->inFlight) >= cifs_max_pending)
672 atomic_set(&server->inFlight, cifs_max_pending - 1);
673 /* We do not want to set the max_pending too low or we
674 could end up with the counter going negative */
675 spin_unlock(&GlobalMid_Lock);
676 /* Although there should not be any requests blocked on
677 this queue it can not hurt to be paranoid and try to wake up requests
678 that may haven been blocked when more than 50 at time were on the wire
679 to the same server - they now will see the session is in exit state
680 and get out of SendReceive. */
681 wake_up_all(&server->request_q);
682 /* give those requests time to exit */
683 msleep(125);
684
685 if (server->ssocket) {
686 sock_release(csocket);
687 server->ssocket = NULL;
688 }
689 /* buffer usuallly freed in free_mid - need to free it here on exit */
690 cifs_buf_release(bigbuf);
691 if (smallbuf) /* no sense logging a debug message if NULL */
692 cifs_small_buf_release(smallbuf);
693
694 /*
695 * BB: we shouldn't have to do any of this. It shouldn't be
696 * possible to exit from the thread with active SMB sessions
697 */
698 read_lock(&cifs_tcp_ses_lock);
699 if (list_empty(&server->pending_mid_q)) {
700 /* loop through server session structures attached to this and
701 mark them dead */
702 list_for_each(tmp, &server->smb_ses_list) {
703 ses = list_entry(tmp, struct cifsSesInfo,
704 smb_ses_list);
705 ses->status = CifsExiting;
706 ses->server = NULL;
707 }
708 read_unlock(&cifs_tcp_ses_lock);
709 } else {
710 /* although we can not zero the server struct pointer yet,
711 since there are active requests which may depnd on them,
712 mark the corresponding SMB sessions as exiting too */
713 list_for_each(tmp, &server->smb_ses_list) {
714 ses = list_entry(tmp, struct cifsSesInfo,
715 smb_ses_list);
716 ses->status = CifsExiting;
717 }
718
719 spin_lock(&GlobalMid_Lock);
720 list_for_each(tmp, &server->pending_mid_q) {
721 mid_entry = list_entry(tmp, struct mid_q_entry, qhead);
722 if (mid_entry->midState == MID_REQUEST_SUBMITTED) {
723 cFYI(1, ("Clearing Mid 0x%x - waking up ",
724 mid_entry->mid));
725 task_to_wake = mid_entry->tsk;
726 if (task_to_wake)
727 wake_up_process(task_to_wake);
728 }
729 }
730 spin_unlock(&GlobalMid_Lock);
731 read_unlock(&cifs_tcp_ses_lock);
732 /* 1/8th of sec is more than enough time for them to exit */
733 msleep(125);
734 }
735
736 if (!list_empty(&server->pending_mid_q)) {
737 /* mpx threads have not exited yet give them
738 at least the smb send timeout time for long ops */
739 /* due to delays on oplock break requests, we need
740 to wait at least 45 seconds before giving up
741 on a request getting a response and going ahead
742 and killing cifsd */
743 cFYI(1, ("Wait for exit from demultiplex thread"));
744 msleep(46000);
745 /* if threads still have not exited they are probably never
746 coming home not much else we can do but free the memory */
747 }
748
749 /* last chance to mark ses pointers invalid
750 if there are any pointing to this (e.g
751 if a crazy root user tried to kill cifsd
752 kernel thread explicitly this might happen) */
753 /* BB: This shouldn't be necessary, see above */
754 read_lock(&cifs_tcp_ses_lock);
755 list_for_each(tmp, &server->smb_ses_list) {
756 ses = list_entry(tmp, struct cifsSesInfo, smb_ses_list);
757 ses->server = NULL;
758 }
759 read_unlock(&cifs_tcp_ses_lock);
760
761 kfree(server->hostname);
762 task_to_wake = xchg(&server->tsk, NULL);
763 kfree(server);
764
765 length = atomic_dec_return(&tcpSesAllocCount);
766 if (length > 0)
767 mempool_resize(cifs_req_poolp, length + cifs_min_rcv,
768 GFP_KERNEL);
769
770 /* if server->tsk was NULL then wait for a signal before exiting */
771 if (!task_to_wake) {
772 set_current_state(TASK_INTERRUPTIBLE);
773 while (!signal_pending(current)) {
774 schedule();
775 set_current_state(TASK_INTERRUPTIBLE);
776 }
777 set_current_state(TASK_RUNNING);
778 }
779
780 return 0;
781 }
782
783 /* extract the host portion of the UNC string */
784 static char *
785 extract_hostname(const char *unc)
786 {
787 const char *src;
788 char *dst, *delim;
789 unsigned int len;
790
791 /* skip double chars at beginning of string */
792 /* BB: check validity of these bytes? */
793 src = unc + 2;
794
795 /* delimiter between hostname and sharename is always '\\' now */
796 delim = strchr(src, '\\');
797 if (!delim)
798 return ERR_PTR(-EINVAL);
799
800 len = delim - src;
801 dst = kmalloc((len + 1), GFP_KERNEL);
802 if (dst == NULL)
803 return ERR_PTR(-ENOMEM);
804
805 memcpy(dst, src, len);
806 dst[len] = '\0';
807
808 return dst;
809 }
810
811 static int
812 cifs_parse_mount_options(char *options, const char *devname,
813 struct smb_vol *vol)
814 {
815 char *value;
816 char *data;
817 unsigned int temp_len, i, j;
818 char separator[2];
819
820 separator[0] = ',';
821 separator[1] = 0;
822
823 if (Local_System_Name[0] != 0)
824 memcpy(vol->source_rfc1001_name, Local_System_Name, 15);
825 else {
826 char *nodename = utsname()->nodename;
827 int n = strnlen(nodename, 15);
828 memset(vol->source_rfc1001_name, 0x20, 15);
829 for (i = 0; i < n; i++) {
830 /* does not have to be perfect mapping since field is
831 informational, only used for servers that do not support
832 port 445 and it can be overridden at mount time */
833 vol->source_rfc1001_name[i] = toupper(nodename[i]);
834 }
835 }
836 vol->source_rfc1001_name[15] = 0;
837 /* null target name indicates to use *SMBSERVR default called name
838 if we end up sending RFC1001 session initialize */
839 vol->target_rfc1001_name[0] = 0;
840 vol->linux_uid = current->uid; /* current->euid instead? */
841 vol->linux_gid = current->gid;
842 vol->dir_mode = S_IRWXUGO;
843 /* 2767 perms indicate mandatory locking support */
844 vol->file_mode = (S_IRWXUGO | S_ISGID) & (~S_IXGRP);
845
846 /* vol->retry default is 0 (i.e. "soft" limited retry not hard retry) */
847 vol->rw = true;
848 /* default is always to request posix paths. */
849 vol->posix_paths = 1;
850
851 if (!options)
852 return 1;
853
854 if (strncmp(options, "sep=", 4) == 0) {
855 if (options[4] != 0) {
856 separator[0] = options[4];
857 options += 5;
858 } else {
859 cFYI(1, ("Null separator not allowed"));
860 }
861 }
862
863 while ((data = strsep(&options, separator)) != NULL) {
864 if (!*data)
865 continue;
866 if ((value = strchr(data, '=')) != NULL)
867 *value++ = '\0';
868
869 /* Have to parse this before we parse for "user" */
870 if (strnicmp(data, "user_xattr", 10) == 0) {
871 vol->no_xattr = 0;
872 } else if (strnicmp(data, "nouser_xattr", 12) == 0) {
873 vol->no_xattr = 1;
874 } else if (strnicmp(data, "user", 4) == 0) {
875 if (!value) {
876 printk(KERN_WARNING
877 "CIFS: invalid or missing username\n");
878 return 1; /* needs_arg; */
879 } else if (!*value) {
880 /* null user, ie anonymous, authentication */
881 vol->nullauth = 1;
882 }
883 if (strnlen(value, 200) < 200) {
884 vol->username = value;
885 } else {
886 printk(KERN_WARNING "CIFS: username too long\n");
887 return 1;
888 }
889 } else if (strnicmp(data, "pass", 4) == 0) {
890 if (!value) {
891 vol->password = NULL;
892 continue;
893 } else if (value[0] == 0) {
894 /* check if string begins with double comma
895 since that would mean the password really
896 does start with a comma, and would not
897 indicate an empty string */
898 if (value[1] != separator[0]) {
899 vol->password = NULL;
900 continue;
901 }
902 }
903 temp_len = strlen(value);
904 /* removed password length check, NTLM passwords
905 can be arbitrarily long */
906
907 /* if comma in password, the string will be
908 prematurely null terminated. Commas in password are
909 specified across the cifs mount interface by a double
910 comma ie ,, and a comma used as in other cases ie ','
911 as a parameter delimiter/separator is single and due
912 to the strsep above is temporarily zeroed. */
913
914 /* NB: password legally can have multiple commas and
915 the only illegal character in a password is null */
916
917 if ((value[temp_len] == 0) &&
918 (value[temp_len+1] == separator[0])) {
919 /* reinsert comma */
920 value[temp_len] = separator[0];
921 temp_len += 2; /* move after second comma */
922 while (value[temp_len] != 0) {
923 if (value[temp_len] == separator[0]) {
924 if (value[temp_len+1] ==
925 separator[0]) {
926 /* skip second comma */
927 temp_len++;
928 } else {
929 /* single comma indicating start
930 of next parm */
931 break;
932 }
933 }
934 temp_len++;
935 }
936 if (value[temp_len] == 0) {
937 options = NULL;
938 } else {
939 value[temp_len] = 0;
940 /* point option to start of next parm */
941 options = value + temp_len + 1;
942 }
943 /* go from value to value + temp_len condensing
944 double commas to singles. Note that this ends up
945 allocating a few bytes too many, which is ok */
946 vol->password = kzalloc(temp_len, GFP_KERNEL);
947 if (vol->password == NULL) {
948 printk(KERN_WARNING "CIFS: no memory "
949 "for password\n");
950 return 1;
951 }
952 for (i = 0, j = 0; i < temp_len; i++, j++) {
953 vol->password[j] = value[i];
954 if (value[i] == separator[0]
955 && value[i+1] == separator[0]) {
956 /* skip second comma */
957 i++;
958 }
959 }
960 vol->password[j] = 0;
961 } else {
962 vol->password = kzalloc(temp_len+1, GFP_KERNEL);
963 if (vol->password == NULL) {
964 printk(KERN_WARNING "CIFS: no memory "
965 "for password\n");
966 return 1;
967 }
968 strcpy(vol->password, value);
969 }
970 } else if (strnicmp(data, "ip", 2) == 0) {
971 if (!value || !*value) {
972 vol->UNCip = NULL;
973 } else if (strnlen(value, 35) < 35) {
974 vol->UNCip = value;
975 } else {
976 printk(KERN_WARNING "CIFS: ip address "
977 "too long\n");
978 return 1;
979 }
980 } else if (strnicmp(data, "sec", 3) == 0) {
981 if (!value || !*value) {
982 cERROR(1, ("no security value specified"));
983 continue;
984 } else if (strnicmp(value, "krb5i", 5) == 0) {
985 vol->secFlg |= CIFSSEC_MAY_KRB5 |
986 CIFSSEC_MUST_SIGN;
987 } else if (strnicmp(value, "krb5p", 5) == 0) {
988 /* vol->secFlg |= CIFSSEC_MUST_SEAL |
989 CIFSSEC_MAY_KRB5; */
990 cERROR(1, ("Krb5 cifs privacy not supported"));
991 return 1;
992 } else if (strnicmp(value, "krb5", 4) == 0) {
993 vol->secFlg |= CIFSSEC_MAY_KRB5;
994 } else if (strnicmp(value, "ntlmv2i", 7) == 0) {
995 vol->secFlg |= CIFSSEC_MAY_NTLMV2 |
996 CIFSSEC_MUST_SIGN;
997 } else if (strnicmp(value, "ntlmv2", 6) == 0) {
998 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
999 } else if (strnicmp(value, "ntlmi", 5) == 0) {
1000 vol->secFlg |= CIFSSEC_MAY_NTLM |
1001 CIFSSEC_MUST_SIGN;
1002 } else if (strnicmp(value, "ntlm", 4) == 0) {
1003 /* ntlm is default so can be turned off too */
1004 vol->secFlg |= CIFSSEC_MAY_NTLM;
1005 } else if (strnicmp(value, "nontlm", 6) == 0) {
1006 /* BB is there a better way to do this? */
1007 vol->secFlg |= CIFSSEC_MAY_NTLMV2;
1008 #ifdef CONFIG_CIFS_WEAK_PW_HASH
1009 } else if (strnicmp(value, "lanman", 6) == 0) {
1010 vol->secFlg |= CIFSSEC_MAY_LANMAN;
1011 #endif
1012 } else if (strnicmp(value, "none", 4) == 0) {
1013 vol->nullauth = 1;
1014 } else {
1015 cERROR(1, ("bad security option: %s", value));
1016 return 1;
1017 }
1018 } else if ((strnicmp(data, "unc", 3) == 0)
1019 || (strnicmp(data, "target", 6) == 0)
1020 || (strnicmp(data, "path", 4) == 0)) {
1021 if (!value || !*value) {
1022 printk(KERN_WARNING "CIFS: invalid path to "
1023 "network resource\n");
1024 return 1; /* needs_arg; */
1025 }
1026 if ((temp_len = strnlen(value, 300)) < 300) {
1027 vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
1028 if (vol->UNC == NULL)
1029 return 1;
1030 strcpy(vol->UNC, value);
1031 if (strncmp(vol->UNC, "//", 2) == 0) {
1032 vol->UNC[0] = '\\';
1033 vol->UNC[1] = '\\';
1034 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1035 printk(KERN_WARNING
1036 "CIFS: UNC Path does not begin "
1037 "with // or \\\\ \n");
1038 return 1;
1039 }
1040 } else {
1041 printk(KERN_WARNING "CIFS: UNC name too long\n");
1042 return 1;
1043 }
1044 } else if ((strnicmp(data, "domain", 3) == 0)
1045 || (strnicmp(data, "workgroup", 5) == 0)) {
1046 if (!value || !*value) {
1047 printk(KERN_WARNING "CIFS: invalid domain name\n");
1048 return 1; /* needs_arg; */
1049 }
1050 /* BB are there cases in which a comma can be valid in
1051 a domain name and need special handling? */
1052 if (strnlen(value, 256) < 256) {
1053 vol->domainname = value;
1054 cFYI(1, ("Domain name set"));
1055 } else {
1056 printk(KERN_WARNING "CIFS: domain name too "
1057 "long\n");
1058 return 1;
1059 }
1060 } else if (strnicmp(data, "prefixpath", 10) == 0) {
1061 if (!value || !*value) {
1062 printk(KERN_WARNING
1063 "CIFS: invalid path prefix\n");
1064 return 1; /* needs_argument */
1065 }
1066 if ((temp_len = strnlen(value, 1024)) < 1024) {
1067 if (value[0] != '/')
1068 temp_len++; /* missing leading slash */
1069 vol->prepath = kmalloc(temp_len+1, GFP_KERNEL);
1070 if (vol->prepath == NULL)
1071 return 1;
1072 if (value[0] != '/') {
1073 vol->prepath[0] = '/';
1074 strcpy(vol->prepath+1, value);
1075 } else
1076 strcpy(vol->prepath, value);
1077 cFYI(1, ("prefix path %s", vol->prepath));
1078 } else {
1079 printk(KERN_WARNING "CIFS: prefix too long\n");
1080 return 1;
1081 }
1082 } else if (strnicmp(data, "iocharset", 9) == 0) {
1083 if (!value || !*value) {
1084 printk(KERN_WARNING "CIFS: invalid iocharset "
1085 "specified\n");
1086 return 1; /* needs_arg; */
1087 }
1088 if (strnlen(value, 65) < 65) {
1089 if (strnicmp(value, "default", 7))
1090 vol->iocharset = value;
1091 /* if iocharset not set then load_nls_default
1092 is used by caller */
1093 cFYI(1, ("iocharset set to %s", value));
1094 } else {
1095 printk(KERN_WARNING "CIFS: iocharset name "
1096 "too long.\n");
1097 return 1;
1098 }
1099 } else if (strnicmp(data, "uid", 3) == 0) {
1100 if (value && *value) {
1101 vol->linux_uid =
1102 simple_strtoul(value, &value, 0);
1103 vol->override_uid = 1;
1104 }
1105 } else if (strnicmp(data, "gid", 3) == 0) {
1106 if (value && *value) {
1107 vol->linux_gid =
1108 simple_strtoul(value, &value, 0);
1109 vol->override_gid = 1;
1110 }
1111 } else if (strnicmp(data, "file_mode", 4) == 0) {
1112 if (value && *value) {
1113 vol->file_mode =
1114 simple_strtoul(value, &value, 0);
1115 }
1116 } else if (strnicmp(data, "dir_mode", 4) == 0) {
1117 if (value && *value) {
1118 vol->dir_mode =
1119 simple_strtoul(value, &value, 0);
1120 }
1121 } else if (strnicmp(data, "dirmode", 4) == 0) {
1122 if (value && *value) {
1123 vol->dir_mode =
1124 simple_strtoul(value, &value, 0);
1125 }
1126 } else if (strnicmp(data, "port", 4) == 0) {
1127 if (value && *value) {
1128 vol->port =
1129 simple_strtoul(value, &value, 0);
1130 }
1131 } else if (strnicmp(data, "rsize", 5) == 0) {
1132 if (value && *value) {
1133 vol->rsize =
1134 simple_strtoul(value, &value, 0);
1135 }
1136 } else if (strnicmp(data, "wsize", 5) == 0) {
1137 if (value && *value) {
1138 vol->wsize =
1139 simple_strtoul(value, &value, 0);
1140 }
1141 } else if (strnicmp(data, "sockopt", 5) == 0) {
1142 if (value && *value) {
1143 vol->sockopt =
1144 simple_strtoul(value, &value, 0);
1145 }
1146 } else if (strnicmp(data, "netbiosname", 4) == 0) {
1147 if (!value || !*value || (*value == ' ')) {
1148 cFYI(1, ("invalid (empty) netbiosname"));
1149 } else {
1150 memset(vol->source_rfc1001_name, 0x20, 15);
1151 for (i = 0; i < 15; i++) {
1152 /* BB are there cases in which a comma can be
1153 valid in this workstation netbios name (and need
1154 special handling)? */
1155
1156 /* We do not uppercase netbiosname for user */
1157 if (value[i] == 0)
1158 break;
1159 else
1160 vol->source_rfc1001_name[i] =
1161 value[i];
1162 }
1163 /* The string has 16th byte zero still from
1164 set at top of the function */
1165 if ((i == 15) && (value[i] != 0))
1166 printk(KERN_WARNING "CIFS: netbiosname"
1167 " longer than 15 truncated.\n");
1168 }
1169 } else if (strnicmp(data, "servern", 7) == 0) {
1170 /* servernetbiosname specified override *SMBSERVER */
1171 if (!value || !*value || (*value == ' ')) {
1172 cFYI(1, ("empty server netbiosname specified"));
1173 } else {
1174 /* last byte, type, is 0x20 for servr type */
1175 memset(vol->target_rfc1001_name, 0x20, 16);
1176
1177 for (i = 0; i < 15; i++) {
1178 /* BB are there cases in which a comma can be
1179 valid in this workstation netbios name
1180 (and need special handling)? */
1181
1182 /* user or mount helper must uppercase
1183 the netbiosname */
1184 if (value[i] == 0)
1185 break;
1186 else
1187 vol->target_rfc1001_name[i] =
1188 value[i];
1189 }
1190 /* The string has 16th byte zero still from
1191 set at top of the function */
1192 if ((i == 15) && (value[i] != 0))
1193 printk(KERN_WARNING "CIFS: server net"
1194 "biosname longer than 15 truncated.\n");
1195 }
1196 } else if (strnicmp(data, "credentials", 4) == 0) {
1197 /* ignore */
1198 } else if (strnicmp(data, "version", 3) == 0) {
1199 /* ignore */
1200 } else if (strnicmp(data, "guest", 5) == 0) {
1201 /* ignore */
1202 } else if (strnicmp(data, "rw", 2) == 0) {
1203 vol->rw = true;
1204 } else if (strnicmp(data, "noblocksend", 11) == 0) {
1205 vol->noblocksnd = 1;
1206 } else if (strnicmp(data, "noautotune", 10) == 0) {
1207 vol->noautotune = 1;
1208 } else if ((strnicmp(data, "suid", 4) == 0) ||
1209 (strnicmp(data, "nosuid", 6) == 0) ||
1210 (strnicmp(data, "exec", 4) == 0) ||
1211 (strnicmp(data, "noexec", 6) == 0) ||
1212 (strnicmp(data, "nodev", 5) == 0) ||
1213 (strnicmp(data, "noauto", 6) == 0) ||
1214 (strnicmp(data, "dev", 3) == 0)) {
1215 /* The mount tool or mount.cifs helper (if present)
1216 uses these opts to set flags, and the flags are read
1217 by the kernel vfs layer before we get here (ie
1218 before read super) so there is no point trying to
1219 parse these options again and set anything and it
1220 is ok to just ignore them */
1221 continue;
1222 } else if (strnicmp(data, "ro", 2) == 0) {
1223 vol->rw = false;
1224 } else if (strnicmp(data, "hard", 4) == 0) {
1225 vol->retry = 1;
1226 } else if (strnicmp(data, "soft", 4) == 0) {
1227 vol->retry = 0;
1228 } else if (strnicmp(data, "perm", 4) == 0) {
1229 vol->noperm = 0;
1230 } else if (strnicmp(data, "noperm", 6) == 0) {
1231 vol->noperm = 1;
1232 } else if (strnicmp(data, "mapchars", 8) == 0) {
1233 vol->remap = 1;
1234 } else if (strnicmp(data, "nomapchars", 10) == 0) {
1235 vol->remap = 0;
1236 } else if (strnicmp(data, "sfu", 3) == 0) {
1237 vol->sfu_emul = 1;
1238 } else if (strnicmp(data, "nosfu", 5) == 0) {
1239 vol->sfu_emul = 0;
1240 } else if (strnicmp(data, "nodfs", 5) == 0) {
1241 vol->nodfs = 1;
1242 } else if (strnicmp(data, "posixpaths", 10) == 0) {
1243 vol->posix_paths = 1;
1244 } else if (strnicmp(data, "noposixpaths", 12) == 0) {
1245 vol->posix_paths = 0;
1246 } else if (strnicmp(data, "nounix", 6) == 0) {
1247 vol->no_linux_ext = 1;
1248 } else if (strnicmp(data, "nolinux", 7) == 0) {
1249 vol->no_linux_ext = 1;
1250 } else if ((strnicmp(data, "nocase", 6) == 0) ||
1251 (strnicmp(data, "ignorecase", 10) == 0)) {
1252 vol->nocase = 1;
1253 } else if (strnicmp(data, "brl", 3) == 0) {
1254 vol->nobrl = 0;
1255 } else if ((strnicmp(data, "nobrl", 5) == 0) ||
1256 (strnicmp(data, "nolock", 6) == 0)) {
1257 vol->nobrl = 1;
1258 /* turn off mandatory locking in mode
1259 if remote locking is turned off since the
1260 local vfs will do advisory */
1261 if (vol->file_mode ==
1262 (S_IALLUGO & ~(S_ISUID | S_IXGRP)))
1263 vol->file_mode = S_IALLUGO;
1264 } else if (strnicmp(data, "setuids", 7) == 0) {
1265 vol->setuids = 1;
1266 } else if (strnicmp(data, "nosetuids", 9) == 0) {
1267 vol->setuids = 0;
1268 } else if (strnicmp(data, "dynperm", 7) == 0) {
1269 vol->dynperm = true;
1270 } else if (strnicmp(data, "nodynperm", 9) == 0) {
1271 vol->dynperm = false;
1272 } else if (strnicmp(data, "nohard", 6) == 0) {
1273 vol->retry = 0;
1274 } else if (strnicmp(data, "nosoft", 6) == 0) {
1275 vol->retry = 1;
1276 } else if (strnicmp(data, "nointr", 6) == 0) {
1277 vol->intr = 0;
1278 } else if (strnicmp(data, "intr", 4) == 0) {
1279 vol->intr = 1;
1280 } else if (strnicmp(data, "serverino", 7) == 0) {
1281 vol->server_ino = 1;
1282 } else if (strnicmp(data, "noserverino", 9) == 0) {
1283 vol->server_ino = 0;
1284 } else if (strnicmp(data, "cifsacl", 7) == 0) {
1285 vol->cifs_acl = 1;
1286 } else if (strnicmp(data, "nocifsacl", 9) == 0) {
1287 vol->cifs_acl = 0;
1288 } else if (strnicmp(data, "acl", 3) == 0) {
1289 vol->no_psx_acl = 0;
1290 } else if (strnicmp(data, "noacl", 5) == 0) {
1291 vol->no_psx_acl = 1;
1292 #ifdef CONFIG_CIFS_EXPERIMENTAL
1293 } else if (strnicmp(data, "locallease", 6) == 0) {
1294 vol->local_lease = 1;
1295 #endif
1296 } else if (strnicmp(data, "sign", 4) == 0) {
1297 vol->secFlg |= CIFSSEC_MUST_SIGN;
1298 } else if (strnicmp(data, "seal", 4) == 0) {
1299 /* we do not do the following in secFlags because seal
1300 is a per tree connection (mount) not a per socket
1301 or per-smb connection option in the protocol */
1302 /* vol->secFlg |= CIFSSEC_MUST_SEAL; */
1303 vol->seal = 1;
1304 } else if (strnicmp(data, "direct", 6) == 0) {
1305 vol->direct_io = 1;
1306 } else if (strnicmp(data, "forcedirectio", 13) == 0) {
1307 vol->direct_io = 1;
1308 } else if (strnicmp(data, "in6_addr", 8) == 0) {
1309 if (!value || !*value) {
1310 vol->in6_addr = NULL;
1311 } else if (strnlen(value, 49) == 48) {
1312 vol->in6_addr = value;
1313 } else {
1314 printk(KERN_WARNING "CIFS: ip v6 address not "
1315 "48 characters long\n");
1316 return 1;
1317 }
1318 } else if (strnicmp(data, "noac", 4) == 0) {
1319 printk(KERN_WARNING "CIFS: Mount option noac not "
1320 "supported. Instead set "
1321 "/proc/fs/cifs/LookupCacheEnabled to 0\n");
1322 } else
1323 printk(KERN_WARNING "CIFS: Unknown mount option %s\n",
1324 data);
1325 }
1326 if (vol->UNC == NULL) {
1327 if (devname == NULL) {
1328 printk(KERN_WARNING "CIFS: Missing UNC name for mount "
1329 "target\n");
1330 return 1;
1331 }
1332 if ((temp_len = strnlen(devname, 300)) < 300) {
1333 vol->UNC = kmalloc(temp_len+1, GFP_KERNEL);
1334 if (vol->UNC == NULL)
1335 return 1;
1336 strcpy(vol->UNC, devname);
1337 if (strncmp(vol->UNC, "//", 2) == 0) {
1338 vol->UNC[0] = '\\';
1339 vol->UNC[1] = '\\';
1340 } else if (strncmp(vol->UNC, "\\\\", 2) != 0) {
1341 printk(KERN_WARNING "CIFS: UNC Path does not "
1342 "begin with // or \\\\ \n");
1343 return 1;
1344 }
1345 value = strpbrk(vol->UNC+2, "/\\");
1346 if (value)
1347 *value = '\\';
1348 } else {
1349 printk(KERN_WARNING "CIFS: UNC name too long\n");
1350 return 1;
1351 }
1352 }
1353 if (vol->UNCip == NULL)
1354 vol->UNCip = &vol->UNC[2];
1355
1356 return 0;
1357 }
1358
1359 static struct TCP_Server_Info *
1360 cifs_find_tcp_session(struct sockaddr *addr)
1361 {
1362 struct list_head *tmp;
1363 struct TCP_Server_Info *server;
1364 struct sockaddr_in *addr4 = (struct sockaddr_in *) addr;
1365 struct sockaddr_in6 *addr6 = (struct sockaddr_in6 *) addr;
1366
1367 write_lock(&cifs_tcp_ses_lock);
1368 list_for_each(tmp, &cifs_tcp_ses_list) {
1369 server = list_entry(tmp, struct TCP_Server_Info,
1370 tcp_ses_list);
1371
1372 /*
1373 * the demux thread can exit on its own while still in CifsNew
1374 * so don't accept any sockets in that state. Since the
1375 * tcpStatus never changes back to CifsNew it's safe to check
1376 * for this without a lock.
1377 */
1378 if (server->tcpStatus == CifsNew)
1379 continue;
1380
1381 if (addr->sa_family == AF_INET &&
1382 (addr4->sin_addr.s_addr !=
1383 server->addr.sockAddr.sin_addr.s_addr))
1384 continue;
1385 else if (addr->sa_family == AF_INET6 &&
1386 memcmp(&server->addr.sockAddr6.sin6_addr,
1387 &addr6->sin6_addr, sizeof(addr6->sin6_addr)))
1388 continue;
1389
1390 ++server->srv_count;
1391 write_unlock(&cifs_tcp_ses_lock);
1392 return server;
1393 }
1394 write_unlock(&cifs_tcp_ses_lock);
1395 return NULL;
1396 }
1397
1398 static void
1399 cifs_put_tcp_session(struct TCP_Server_Info *server)
1400 {
1401 struct task_struct *task;
1402
1403 write_lock(&cifs_tcp_ses_lock);
1404 if (--server->srv_count > 0) {
1405 write_unlock(&cifs_tcp_ses_lock);
1406 return;
1407 }
1408
1409 list_del_init(&server->tcp_ses_list);
1410 write_unlock(&cifs_tcp_ses_lock);
1411
1412 spin_lock(&GlobalMid_Lock);
1413 server->tcpStatus = CifsExiting;
1414 spin_unlock(&GlobalMid_Lock);
1415
1416 task = xchg(&server->tsk, NULL);
1417 if (task)
1418 force_sig(SIGKILL, task);
1419 }
1420
1421 static struct cifsSesInfo *
1422 cifs_find_smb_ses(struct TCP_Server_Info *server, char *username)
1423 {
1424 struct list_head *tmp;
1425 struct cifsSesInfo *ses;
1426
1427 write_lock(&cifs_tcp_ses_lock);
1428 list_for_each(tmp, &server->smb_ses_list) {
1429 ses = list_entry(tmp, struct cifsSesInfo, smb_ses_list);
1430 if (strncmp(ses->userName, username, MAX_USERNAME_SIZE))
1431 continue;
1432
1433 ++ses->ses_count;
1434 write_unlock(&cifs_tcp_ses_lock);
1435 return ses;
1436 }
1437 write_unlock(&cifs_tcp_ses_lock);
1438 return NULL;
1439 }
1440
1441 static void
1442 cifs_put_smb_ses(struct cifsSesInfo *ses)
1443 {
1444 int xid;
1445 struct TCP_Server_Info *server = ses->server;
1446
1447 write_lock(&cifs_tcp_ses_lock);
1448 if (--ses->ses_count > 0) {
1449 write_unlock(&cifs_tcp_ses_lock);
1450 return;
1451 }
1452
1453 list_del_init(&ses->smb_ses_list);
1454 write_unlock(&cifs_tcp_ses_lock);
1455
1456 if (ses->status == CifsGood) {
1457 xid = GetXid();
1458 CIFSSMBLogoff(xid, ses);
1459 _FreeXid(xid);
1460 }
1461 sesInfoFree(ses);
1462 cifs_put_tcp_session(server);
1463 }
1464
1465 int
1466 get_dfs_path(int xid, struct cifsSesInfo *pSesInfo, const char *old_path,
1467 const struct nls_table *nls_codepage, unsigned int *pnum_referrals,
1468 struct dfs_info3_param **preferrals, int remap)
1469 {
1470 char *temp_unc;
1471 int rc = 0;
1472
1473 *pnum_referrals = 0;
1474 *preferrals = NULL;
1475
1476 if (pSesInfo->ipc_tid == 0) {
1477 temp_unc = kmalloc(2 /* for slashes */ +
1478 strnlen(pSesInfo->serverName,
1479 SERVER_NAME_LEN_WITH_NULL * 2)
1480 + 1 + 4 /* slash IPC$ */ + 2,
1481 GFP_KERNEL);
1482 if (temp_unc == NULL)
1483 return -ENOMEM;
1484 temp_unc[0] = '\\';
1485 temp_unc[1] = '\\';
1486 strcpy(temp_unc + 2, pSesInfo->serverName);
1487 strcpy(temp_unc + 2 + strlen(pSesInfo->serverName), "\\IPC$");
1488 rc = CIFSTCon(xid, pSesInfo, temp_unc, NULL, nls_codepage);
1489 cFYI(1,
1490 ("CIFS Tcon rc = %d ipc_tid = %d", rc, pSesInfo->ipc_tid));
1491 kfree(temp_unc);
1492 }
1493 if (rc == 0)
1494 rc = CIFSGetDFSRefer(xid, pSesInfo, old_path, preferrals,
1495 pnum_referrals, nls_codepage, remap);
1496 /* BB map targetUNCs to dfs_info3 structures, here or
1497 in CIFSGetDFSRefer BB */
1498
1499 return rc;
1500 }
1501
1502 #ifdef CONFIG_DEBUG_LOCK_ALLOC
1503 static struct lock_class_key cifs_key[2];
1504 static struct lock_class_key cifs_slock_key[2];
1505
1506 static inline void
1507 cifs_reclassify_socket4(struct socket *sock)
1508 {
1509 struct sock *sk = sock->sk;
1510 BUG_ON(sock_owned_by_user(sk));
1511 sock_lock_init_class_and_name(sk, "slock-AF_INET-CIFS",
1512 &cifs_slock_key[0], "sk_lock-AF_INET-CIFS", &cifs_key[0]);
1513 }
1514
1515 static inline void
1516 cifs_reclassify_socket6(struct socket *sock)
1517 {
1518 struct sock *sk = sock->sk;
1519 BUG_ON(sock_owned_by_user(sk));
1520 sock_lock_init_class_and_name(sk, "slock-AF_INET6-CIFS",
1521 &cifs_slock_key[1], "sk_lock-AF_INET6-CIFS", &cifs_key[1]);
1522 }
1523 #else
1524 static inline void
1525 cifs_reclassify_socket4(struct socket *sock)
1526 {
1527 }
1528
1529 static inline void
1530 cifs_reclassify_socket6(struct socket *sock)
1531 {
1532 }
1533 #endif
1534
1535 /* See RFC1001 section 14 on representation of Netbios names */
1536 static void rfc1002mangle(char *target, char *source, unsigned int length)
1537 {
1538 unsigned int i, j;
1539
1540 for (i = 0, j = 0; i < (length); i++) {
1541 /* mask a nibble at a time and encode */
1542 target[j] = 'A' + (0x0F & (source[i] >> 4));
1543 target[j+1] = 'A' + (0x0F & source[i]);
1544 j += 2;
1545 }
1546
1547 }
1548
1549
1550 static int
1551 ipv4_connect(struct sockaddr_in *psin_server, struct socket **csocket,
1552 char *netbios_name, char *target_name,
1553 bool noblocksnd, bool noautotune)
1554 {
1555 int rc = 0;
1556 int connected = 0;
1557 __be16 orig_port = 0;
1558
1559 if (*csocket == NULL) {
1560 rc = sock_create_kern(PF_INET, SOCK_STREAM,
1561 IPPROTO_TCP, csocket);
1562 if (rc < 0) {
1563 cERROR(1, ("Error %d creating socket", rc));
1564 *csocket = NULL;
1565 return rc;
1566 } else {
1567 /* BB other socket options to set KEEPALIVE, NODELAY? */
1568 cFYI(1, ("Socket created"));
1569 (*csocket)->sk->sk_allocation = GFP_NOFS;
1570 cifs_reclassify_socket4(*csocket);
1571 }
1572 }
1573
1574 psin_server->sin_family = AF_INET;
1575 if (psin_server->sin_port) { /* user overrode default port */
1576 rc = (*csocket)->ops->connect(*csocket,
1577 (struct sockaddr *) psin_server,
1578 sizeof(struct sockaddr_in), 0);
1579 if (rc >= 0)
1580 connected = 1;
1581 }
1582
1583 if (!connected) {
1584 /* save original port so we can retry user specified port
1585 later if fall back ports fail this time */
1586 orig_port = psin_server->sin_port;
1587
1588 /* do not retry on the same port we just failed on */
1589 if (psin_server->sin_port != htons(CIFS_PORT)) {
1590 psin_server->sin_port = htons(CIFS_PORT);
1591
1592 rc = (*csocket)->ops->connect(*csocket,
1593 (struct sockaddr *) psin_server,
1594 sizeof(struct sockaddr_in), 0);
1595 if (rc >= 0)
1596 connected = 1;
1597 }
1598 }
1599 if (!connected) {
1600 psin_server->sin_port = htons(RFC1001_PORT);
1601 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1602 psin_server,
1603 sizeof(struct sockaddr_in), 0);
1604 if (rc >= 0)
1605 connected = 1;
1606 }
1607
1608 /* give up here - unless we want to retry on different
1609 protocol families some day */
1610 if (!connected) {
1611 if (orig_port)
1612 psin_server->sin_port = orig_port;
1613 cFYI(1, ("Error %d connecting to server via ipv4", rc));
1614 sock_release(*csocket);
1615 *csocket = NULL;
1616 return rc;
1617 }
1618 /* Eventually check for other socket options to change from
1619 the default. sock_setsockopt not used because it expects
1620 user space buffer */
1621 cFYI(1, ("sndbuf %d rcvbuf %d rcvtimeo 0x%lx",
1622 (*csocket)->sk->sk_sndbuf,
1623 (*csocket)->sk->sk_rcvbuf, (*csocket)->sk->sk_rcvtimeo));
1624 (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1625 if (!noblocksnd)
1626 (*csocket)->sk->sk_sndtimeo = 3 * HZ;
1627
1628 /* make the bufsizes depend on wsize/rsize and max requests */
1629 if (noautotune) {
1630 if ((*csocket)->sk->sk_sndbuf < (200 * 1024))
1631 (*csocket)->sk->sk_sndbuf = 200 * 1024;
1632 if ((*csocket)->sk->sk_rcvbuf < (140 * 1024))
1633 (*csocket)->sk->sk_rcvbuf = 140 * 1024;
1634 }
1635
1636 /* send RFC1001 sessinit */
1637 if (psin_server->sin_port == htons(RFC1001_PORT)) {
1638 /* some servers require RFC1001 sessinit before sending
1639 negprot - BB check reconnection in case where second
1640 sessinit is sent but no second negprot */
1641 struct rfc1002_session_packet *ses_init_buf;
1642 struct smb_hdr *smb_buf;
1643 ses_init_buf = kzalloc(sizeof(struct rfc1002_session_packet),
1644 GFP_KERNEL);
1645 if (ses_init_buf) {
1646 ses_init_buf->trailer.session_req.called_len = 32;
1647 if (target_name && (target_name[0] != 0)) {
1648 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
1649 target_name, 16);
1650 } else {
1651 rfc1002mangle(ses_init_buf->trailer.session_req.called_name,
1652 DEFAULT_CIFS_CALLED_NAME, 16);
1653 }
1654
1655 ses_init_buf->trailer.session_req.calling_len = 32;
1656 /* calling name ends in null (byte 16) from old smb
1657 convention. */
1658 if (netbios_name && (netbios_name[0] != 0)) {
1659 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
1660 netbios_name, 16);
1661 } else {
1662 rfc1002mangle(ses_init_buf->trailer.session_req.calling_name,
1663 "LINUX_CIFS_CLNT", 16);
1664 }
1665 ses_init_buf->trailer.session_req.scope1 = 0;
1666 ses_init_buf->trailer.session_req.scope2 = 0;
1667 smb_buf = (struct smb_hdr *)ses_init_buf;
1668 /* sizeof RFC1002_SESSION_REQUEST with no scope */
1669 smb_buf->smb_buf_length = 0x81000044;
1670 rc = smb_send(*csocket, smb_buf, 0x44,
1671 (struct sockaddr *)psin_server, noblocksnd);
1672 kfree(ses_init_buf);
1673 msleep(1); /* RFC1001 layer in at least one server
1674 requires very short break before negprot
1675 presumably because not expecting negprot
1676 to follow so fast. This is a simple
1677 solution that works without
1678 complicating the code and causes no
1679 significant slowing down on mount
1680 for everyone else */
1681 }
1682 /* else the negprot may still work without this
1683 even though malloc failed */
1684
1685 }
1686
1687 return rc;
1688 }
1689
1690 static int
1691 ipv6_connect(struct sockaddr_in6 *psin_server, struct socket **csocket,
1692 bool noblocksnd)
1693 {
1694 int rc = 0;
1695 int connected = 0;
1696 __be16 orig_port = 0;
1697
1698 if (*csocket == NULL) {
1699 rc = sock_create_kern(PF_INET6, SOCK_STREAM,
1700 IPPROTO_TCP, csocket);
1701 if (rc < 0) {
1702 cERROR(1, ("Error %d creating ipv6 socket", rc));
1703 *csocket = NULL;
1704 return rc;
1705 } else {
1706 /* BB other socket options to set KEEPALIVE, NODELAY? */
1707 cFYI(1, ("ipv6 Socket created"));
1708 (*csocket)->sk->sk_allocation = GFP_NOFS;
1709 cifs_reclassify_socket6(*csocket);
1710 }
1711 }
1712
1713 psin_server->sin6_family = AF_INET6;
1714
1715 if (psin_server->sin6_port) { /* user overrode default port */
1716 rc = (*csocket)->ops->connect(*csocket,
1717 (struct sockaddr *) psin_server,
1718 sizeof(struct sockaddr_in6), 0);
1719 if (rc >= 0)
1720 connected = 1;
1721 }
1722
1723 if (!connected) {
1724 /* save original port so we can retry user specified port
1725 later if fall back ports fail this time */
1726
1727 orig_port = psin_server->sin6_port;
1728 /* do not retry on the same port we just failed on */
1729 if (psin_server->sin6_port != htons(CIFS_PORT)) {
1730 psin_server->sin6_port = htons(CIFS_PORT);
1731
1732 rc = (*csocket)->ops->connect(*csocket,
1733 (struct sockaddr *) psin_server,
1734 sizeof(struct sockaddr_in6), 0);
1735 if (rc >= 0)
1736 connected = 1;
1737 }
1738 }
1739 if (!connected) {
1740 psin_server->sin6_port = htons(RFC1001_PORT);
1741 rc = (*csocket)->ops->connect(*csocket, (struct sockaddr *)
1742 psin_server, sizeof(struct sockaddr_in6), 0);
1743 if (rc >= 0)
1744 connected = 1;
1745 }
1746
1747 /* give up here - unless we want to retry on different
1748 protocol families some day */
1749 if (!connected) {
1750 if (orig_port)
1751 psin_server->sin6_port = orig_port;
1752 cFYI(1, ("Error %d connecting to server via ipv6", rc));
1753 sock_release(*csocket);
1754 *csocket = NULL;
1755 return rc;
1756 }
1757 /* Eventually check for other socket options to change from
1758 the default. sock_setsockopt not used because it expects
1759 user space buffer */
1760 (*csocket)->sk->sk_rcvtimeo = 7 * HZ;
1761 if (!noblocksnd)
1762 (*csocket)->sk->sk_sndtimeo = 3 * HZ;
1763
1764
1765 return rc;
1766 }
1767
1768 void reset_cifs_unix_caps(int xid, struct cifsTconInfo *tcon,
1769 struct super_block *sb, struct smb_vol *vol_info)
1770 {
1771 /* if we are reconnecting then should we check to see if
1772 * any requested capabilities changed locally e.g. via
1773 * remount but we can not do much about it here
1774 * if they have (even if we could detect it by the following)
1775 * Perhaps we could add a backpointer to array of sb from tcon
1776 * or if we change to make all sb to same share the same
1777 * sb as NFS - then we only have one backpointer to sb.
1778 * What if we wanted to mount the server share twice once with
1779 * and once without posixacls or posix paths? */
1780 __u64 saved_cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
1781
1782 if (vol_info && vol_info->no_linux_ext) {
1783 tcon->fsUnixInfo.Capability = 0;
1784 tcon->unix_ext = 0; /* Unix Extensions disabled */
1785 cFYI(1, ("Linux protocol extensions disabled"));
1786 return;
1787 } else if (vol_info)
1788 tcon->unix_ext = 1; /* Unix Extensions supported */
1789
1790 if (tcon->unix_ext == 0) {
1791 cFYI(1, ("Unix extensions disabled so not set on reconnect"));
1792 return;
1793 }
1794
1795 if (!CIFSSMBQFSUnixInfo(xid, tcon)) {
1796 __u64 cap = le64_to_cpu(tcon->fsUnixInfo.Capability);
1797
1798 /* check for reconnect case in which we do not
1799 want to change the mount behavior if we can avoid it */
1800 if (vol_info == NULL) {
1801 /* turn off POSIX ACL and PATHNAMES if not set
1802 originally at mount time */
1803 if ((saved_cap & CIFS_UNIX_POSIX_ACL_CAP) == 0)
1804 cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
1805 if ((saved_cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
1806 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
1807 cERROR(1, ("POSIXPATH support change"));
1808 cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
1809 } else if ((cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) == 0) {
1810 cERROR(1, ("possible reconnect error"));
1811 cERROR(1,
1812 ("server disabled POSIX path support"));
1813 }
1814 }
1815
1816 cap &= CIFS_UNIX_CAP_MASK;
1817 if (vol_info && vol_info->no_psx_acl)
1818 cap &= ~CIFS_UNIX_POSIX_ACL_CAP;
1819 else if (CIFS_UNIX_POSIX_ACL_CAP & cap) {
1820 cFYI(1, ("negotiated posix acl support"));
1821 if (sb)
1822 sb->s_flags |= MS_POSIXACL;
1823 }
1824
1825 if (vol_info && vol_info->posix_paths == 0)
1826 cap &= ~CIFS_UNIX_POSIX_PATHNAMES_CAP;
1827 else if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP) {
1828 cFYI(1, ("negotiate posix pathnames"));
1829 if (sb)
1830 CIFS_SB(sb)->mnt_cifs_flags |=
1831 CIFS_MOUNT_POSIX_PATHS;
1832 }
1833
1834 /* We might be setting the path sep back to a different
1835 form if we are reconnecting and the server switched its
1836 posix path capability for this share */
1837 if (sb && (CIFS_SB(sb)->prepathlen > 0))
1838 CIFS_SB(sb)->prepath[0] = CIFS_DIR_SEP(CIFS_SB(sb));
1839
1840 if (sb && (CIFS_SB(sb)->rsize > 127 * 1024)) {
1841 if ((cap & CIFS_UNIX_LARGE_READ_CAP) == 0) {
1842 CIFS_SB(sb)->rsize = 127 * 1024;
1843 cFYI(DBG2,
1844 ("larger reads not supported by srv"));
1845 }
1846 }
1847
1848
1849 cFYI(1, ("Negotiate caps 0x%x", (int)cap));
1850 #ifdef CONFIG_CIFS_DEBUG2
1851 if (cap & CIFS_UNIX_FCNTL_CAP)
1852 cFYI(1, ("FCNTL cap"));
1853 if (cap & CIFS_UNIX_EXTATTR_CAP)
1854 cFYI(1, ("EXTATTR cap"));
1855 if (cap & CIFS_UNIX_POSIX_PATHNAMES_CAP)
1856 cFYI(1, ("POSIX path cap"));
1857 if (cap & CIFS_UNIX_XATTR_CAP)
1858 cFYI(1, ("XATTR cap"));
1859 if (cap & CIFS_UNIX_POSIX_ACL_CAP)
1860 cFYI(1, ("POSIX ACL cap"));
1861 if (cap & CIFS_UNIX_LARGE_READ_CAP)
1862 cFYI(1, ("very large read cap"));
1863 if (cap & CIFS_UNIX_LARGE_WRITE_CAP)
1864 cFYI(1, ("very large write cap"));
1865 #endif /* CIFS_DEBUG2 */
1866 if (CIFSSMBSetFSUnixInfo(xid, tcon, cap)) {
1867 if (vol_info == NULL) {
1868 cFYI(1, ("resetting capabilities failed"));
1869 } else
1870 cERROR(1, ("Negotiating Unix capabilities "
1871 "with the server failed. Consider "
1872 "mounting with the Unix Extensions\n"
1873 "disabled, if problems are found, "
1874 "by specifying the nounix mount "
1875 "option."));
1876
1877 }
1878 }
1879 }
1880
1881 static void
1882 convert_delimiter(char *path, char delim)
1883 {
1884 int i;
1885 char old_delim;
1886
1887 if (path == NULL)
1888 return;
1889
1890 if (delim == '/')
1891 old_delim = '\\';
1892 else
1893 old_delim = '/';
1894
1895 for (i = 0; path[i] != '\0'; i++) {
1896 if (path[i] == old_delim)
1897 path[i] = delim;
1898 }
1899 }
1900
1901 static void setup_cifs_sb(struct smb_vol *pvolume_info,
1902 struct cifs_sb_info *cifs_sb)
1903 {
1904 if (pvolume_info->rsize > CIFSMaxBufSize) {
1905 cERROR(1, ("rsize %d too large, using MaxBufSize",
1906 pvolume_info->rsize));
1907 cifs_sb->rsize = CIFSMaxBufSize;
1908 } else if ((pvolume_info->rsize) &&
1909 (pvolume_info->rsize <= CIFSMaxBufSize))
1910 cifs_sb->rsize = pvolume_info->rsize;
1911 else /* default */
1912 cifs_sb->rsize = CIFSMaxBufSize;
1913
1914 if (pvolume_info->wsize > PAGEVEC_SIZE * PAGE_CACHE_SIZE) {
1915 cERROR(1, ("wsize %d too large, using 4096 instead",
1916 pvolume_info->wsize));
1917 cifs_sb->wsize = 4096;
1918 } else if (pvolume_info->wsize)
1919 cifs_sb->wsize = pvolume_info->wsize;
1920 else
1921 cifs_sb->wsize = min_t(const int,
1922 PAGEVEC_SIZE * PAGE_CACHE_SIZE,
1923 127*1024);
1924 /* old default of CIFSMaxBufSize was too small now
1925 that SMB Write2 can send multiple pages in kvec.
1926 RFC1001 does not describe what happens when frame
1927 bigger than 128K is sent so use that as max in
1928 conjunction with 52K kvec constraint on arch with 4K
1929 page size */
1930
1931 if (cifs_sb->rsize < 2048) {
1932 cifs_sb->rsize = 2048;
1933 /* Windows ME may prefer this */
1934 cFYI(1, ("readsize set to minimum: 2048"));
1935 }
1936 /* calculate prepath */
1937 cifs_sb->prepath = pvolume_info->prepath;
1938 if (cifs_sb->prepath) {
1939 cifs_sb->prepathlen = strlen(cifs_sb->prepath);
1940 /* we can not convert the / to \ in the path
1941 separators in the prefixpath yet because we do not
1942 know (until reset_cifs_unix_caps is called later)
1943 whether POSIX PATH CAP is available. We normalize
1944 the / to \ after reset_cifs_unix_caps is called */
1945 pvolume_info->prepath = NULL;
1946 } else
1947 cifs_sb->prepathlen = 0;
1948 cifs_sb->mnt_uid = pvolume_info->linux_uid;
1949 cifs_sb->mnt_gid = pvolume_info->linux_gid;
1950 cifs_sb->mnt_file_mode = pvolume_info->file_mode;
1951 cifs_sb->mnt_dir_mode = pvolume_info->dir_mode;
1952 cFYI(1, ("file mode: 0x%x dir mode: 0x%x",
1953 cifs_sb->mnt_file_mode, cifs_sb->mnt_dir_mode));
1954
1955 if (pvolume_info->noperm)
1956 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_PERM;
1957 if (pvolume_info->setuids)
1958 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SET_UID;
1959 if (pvolume_info->server_ino)
1960 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_SERVER_INUM;
1961 if (pvolume_info->remap)
1962 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_MAP_SPECIAL_CHR;
1963 if (pvolume_info->no_xattr)
1964 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_XATTR;
1965 if (pvolume_info->sfu_emul)
1966 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_UNX_EMUL;
1967 if (pvolume_info->nobrl)
1968 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_NO_BRL;
1969 if (pvolume_info->cifs_acl)
1970 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_CIFS_ACL;
1971 if (pvolume_info->override_uid)
1972 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_UID;
1973 if (pvolume_info->override_gid)
1974 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_OVERR_GID;
1975 if (pvolume_info->dynperm)
1976 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DYNPERM;
1977 if (pvolume_info->direct_io) {
1978 cFYI(1, ("mounting share using direct i/o"));
1979 cifs_sb->mnt_cifs_flags |= CIFS_MOUNT_DIRECT_IO;
1980 }
1981
1982 if ((pvolume_info->cifs_acl) && (pvolume_info->dynperm))
1983 cERROR(1, ("mount option dynperm ignored if cifsacl "
1984 "mount option supported"));
1985 }
1986
1987 int
1988 cifs_mount(struct super_block *sb, struct cifs_sb_info *cifs_sb,
1989 char *mount_data, const char *devname)
1990 {
1991 int rc = 0;
1992 int xid;
1993 struct socket *csocket = NULL;
1994 struct sockaddr addr;
1995 struct sockaddr_in *sin_server = (struct sockaddr_in *) &addr;
1996 struct sockaddr_in6 *sin_server6 = (struct sockaddr_in6 *) &addr;
1997 struct smb_vol volume_info;
1998 struct cifsSesInfo *pSesInfo = NULL;
1999 struct cifsTconInfo *tcon = NULL;
2000 struct TCP_Server_Info *srvTcp = NULL;
2001
2002 xid = GetXid();
2003
2004 /* cFYI(1, ("Entering cifs_mount. Xid: %d with: %s", xid, mount_data)); */
2005
2006 memset(&addr, 0, sizeof(struct sockaddr));
2007 memset(&volume_info, 0, sizeof(struct smb_vol));
2008 if (cifs_parse_mount_options(mount_data, devname, &volume_info)) {
2009 rc = -EINVAL;
2010 goto out;
2011 }
2012
2013 if (volume_info.nullauth) {
2014 cFYI(1, ("null user"));
2015 volume_info.username = "";
2016 } else if (volume_info.username) {
2017 /* BB fixme parse for domain name here */
2018 cFYI(1, ("Username: %s", volume_info.username));
2019 } else {
2020 cifserror("No username specified");
2021 /* In userspace mount helper we can get user name from alternate
2022 locations such as env variables and files on disk */
2023 rc = -EINVAL;
2024 goto out;
2025 }
2026
2027 if (volume_info.UNCip && volume_info.UNC) {
2028 rc = cifs_inet_pton(AF_INET, volume_info.UNCip,
2029 &sin_server->sin_addr.s_addr);
2030
2031 if (rc <= 0) {
2032 /* not ipv4 address, try ipv6 */
2033 rc = cifs_inet_pton(AF_INET6, volume_info.UNCip,
2034 &sin_server6->sin6_addr.in6_u);
2035 if (rc > 0)
2036 addr.sa_family = AF_INET6;
2037 } else {
2038 addr.sa_family = AF_INET;
2039 }
2040
2041 if (rc <= 0) {
2042 /* we failed translating address */
2043 rc = -EINVAL;
2044 goto out;
2045 }
2046
2047 cFYI(1, ("UNC: %s ip: %s", volume_info.UNC, volume_info.UNCip));
2048 /* success */
2049 rc = 0;
2050 } else if (volume_info.UNCip) {
2051 /* BB using ip addr as server name to connect to the
2052 DFS root below */
2053 cERROR(1, ("Connecting to DFS root not implemented yet"));
2054 rc = -EINVAL;
2055 goto out;
2056 } else /* which servers DFS root would we conect to */ {
2057 cERROR(1,
2058 ("CIFS mount error: No UNC path (e.g. -o "
2059 "unc=//192.168.1.100/public) specified"));
2060 rc = -EINVAL;
2061 goto out;
2062 }
2063
2064 /* this is needed for ASCII cp to Unicode converts */
2065 if (volume_info.iocharset == NULL) {
2066 cifs_sb->local_nls = load_nls_default();
2067 /* load_nls_default can not return null */
2068 } else {
2069 cifs_sb->local_nls = load_nls(volume_info.iocharset);
2070 if (cifs_sb->local_nls == NULL) {
2071 cERROR(1, ("CIFS mount error: iocharset %s not found",
2072 volume_info.iocharset));
2073 rc = -ELIBACC;
2074 goto out;
2075 }
2076 }
2077
2078 srvTcp = cifs_find_tcp_session(&addr);
2079 if (srvTcp) {
2080 cFYI(1, ("Existing tcp session with server found"));
2081 } else { /* create socket */
2082 if (addr.sa_family == AF_INET6) {
2083 cFYI(1, ("attempting ipv6 connect"));
2084 /* BB should we allow ipv6 on port 139? */
2085 /* other OS never observed in Wild doing 139 with v6 */
2086 sin_server6->sin6_port = htons(volume_info.port);
2087 rc = ipv6_connect(sin_server6, &csocket,
2088 volume_info.noblocksnd);
2089 } else {
2090 sin_server->sin_port = htons(volume_info.port);
2091 rc = ipv4_connect(sin_server, &csocket,
2092 volume_info.source_rfc1001_name,
2093 volume_info.target_rfc1001_name,
2094 volume_info.noblocksnd,
2095 volume_info.noautotune);
2096 }
2097 if (rc < 0) {
2098 cERROR(1, ("Error connecting to socket. "
2099 "Aborting operation"));
2100 if (csocket != NULL)
2101 sock_release(csocket);
2102 goto out;
2103 }
2104
2105 srvTcp = kzalloc(sizeof(struct TCP_Server_Info), GFP_KERNEL);
2106 if (!srvTcp) {
2107 rc = -ENOMEM;
2108 sock_release(csocket);
2109 goto out;
2110 } else {
2111 srvTcp->noblocksnd = volume_info.noblocksnd;
2112 srvTcp->noautotune = volume_info.noautotune;
2113 if (addr.sa_family == AF_INET6)
2114 memcpy(&srvTcp->addr.sockAddr6, sin_server6,
2115 sizeof(struct sockaddr_in6));
2116 else
2117 memcpy(&srvTcp->addr.sockAddr, sin_server,
2118 sizeof(struct sockaddr_in));
2119 atomic_set(&srvTcp->inFlight, 0);
2120 /* BB Add code for ipv6 case too */
2121 srvTcp->ssocket = csocket;
2122 srvTcp->hostname = extract_hostname(volume_info.UNC);
2123 if (IS_ERR(srvTcp->hostname)) {
2124 rc = PTR_ERR(srvTcp->hostname);
2125 sock_release(csocket);
2126 goto out;
2127 }
2128 init_waitqueue_head(&srvTcp->response_q);
2129 init_waitqueue_head(&srvTcp->request_q);
2130 INIT_LIST_HEAD(&srvTcp->pending_mid_q);
2131 /* at this point we are the only ones with the pointer
2132 to the struct since the kernel thread not created yet
2133 so no need to spinlock this init of tcpStatus */
2134 srvTcp->tcpStatus = CifsNew;
2135 init_MUTEX(&srvTcp->tcpSem);
2136 srvTcp->tsk = kthread_run((void *)(void *)cifs_demultiplex_thread, srvTcp, "cifsd");
2137 if (IS_ERR(srvTcp->tsk)) {
2138 rc = PTR_ERR(srvTcp->tsk);
2139 cERROR(1, ("error %d create cifsd thread", rc));
2140 srvTcp->tsk = NULL;
2141 sock_release(csocket);
2142 kfree(srvTcp->hostname);
2143 goto out;
2144 }
2145 rc = 0;
2146 memcpy(srvTcp->workstation_RFC1001_name,
2147 volume_info.source_rfc1001_name, 16);
2148 memcpy(srvTcp->server_RFC1001_name,
2149 volume_info.target_rfc1001_name, 16);
2150 srvTcp->sequence_number = 0;
2151 INIT_LIST_HEAD(&srvTcp->tcp_ses_list);
2152 INIT_LIST_HEAD(&srvTcp->smb_ses_list);
2153 ++srvTcp->srv_count;
2154 write_lock(&cifs_tcp_ses_lock);
2155 list_add(&srvTcp->tcp_ses_list,
2156 &cifs_tcp_ses_list);
2157 write_unlock(&cifs_tcp_ses_lock);
2158 }
2159 }
2160
2161 pSesInfo = cifs_find_smb_ses(srvTcp, volume_info.username);
2162 if (pSesInfo) {
2163 cFYI(1, ("Existing smb sess found (status=%d)",
2164 pSesInfo->status));
2165 /*
2166 * The existing SMB session already has a reference to srvTcp,
2167 * so we can put back the extra one we got before
2168 */
2169 cifs_put_tcp_session(srvTcp);
2170
2171 down(&pSesInfo->sesSem);
2172 if (pSesInfo->need_reconnect) {
2173 cFYI(1, ("Session needs reconnect"));
2174 rc = cifs_setup_session(xid, pSesInfo,
2175 cifs_sb->local_nls);
2176 }
2177 up(&pSesInfo->sesSem);
2178 } else if (!rc) {
2179 cFYI(1, ("Existing smb sess not found"));
2180 pSesInfo = sesInfoAlloc();
2181 if (pSesInfo == NULL) {
2182 rc = -ENOMEM;
2183 goto mount_fail_check;
2184 }
2185
2186 /* new SMB session uses our srvTcp ref */
2187 pSesInfo->server = srvTcp;
2188 sprintf(pSesInfo->serverName, "%u.%u.%u.%u",
2189 NIPQUAD(sin_server->sin_addr.s_addr));
2190
2191 write_lock(&cifs_tcp_ses_lock);
2192 list_add(&pSesInfo->smb_ses_list, &srvTcp->smb_ses_list);
2193 write_unlock(&cifs_tcp_ses_lock);
2194
2195 /* volume_info.password freed at unmount */
2196 if (volume_info.password) {
2197 pSesInfo->password = volume_info.password;
2198 /* set to NULL to prevent freeing on exit */
2199 volume_info.password = NULL;
2200 }
2201 if (volume_info.username)
2202 strncpy(pSesInfo->userName, volume_info.username,
2203 MAX_USERNAME_SIZE);
2204 if (volume_info.domainname) {
2205 int len = strlen(volume_info.domainname);
2206 pSesInfo->domainName = kmalloc(len + 1, GFP_KERNEL);
2207 if (pSesInfo->domainName)
2208 strcpy(pSesInfo->domainName,
2209 volume_info.domainname);
2210 }
2211 pSesInfo->linux_uid = volume_info.linux_uid;
2212 pSesInfo->overrideSecFlg = volume_info.secFlg;
2213 down(&pSesInfo->sesSem);
2214
2215 /* BB FIXME need to pass vol->secFlgs BB */
2216 rc = cifs_setup_session(xid, pSesInfo,
2217 cifs_sb->local_nls);
2218 up(&pSesInfo->sesSem);
2219 }
2220
2221 /* search for existing tcon to this server share */
2222 if (!rc) {
2223 setup_cifs_sb(&volume_info, cifs_sb);
2224
2225 if (tcon) {
2226 cFYI(1, ("Found match on UNC path"));
2227 if (tcon->seal != volume_info.seal)
2228 cERROR(1, ("transport encryption setting "
2229 "conflicts with existing tid"));
2230 } else {
2231 tcon = tconInfoAlloc();
2232 if (tcon == NULL) {
2233 rc = -ENOMEM;
2234 goto mount_fail_check;
2235 }
2236
2237 /* check for null share name ie connect to dfs root */
2238
2239 /* BB check if works for exactly length 3 strings */
2240 if ((strchr(volume_info.UNC + 3, '\\') == NULL)
2241 && (strchr(volume_info.UNC + 3, '/') == NULL)) {
2242 /* rc = connect_to_dfs_path(...) */
2243 cFYI(1, ("DFS root not supported"));
2244 rc = -ENODEV;
2245 goto mount_fail_check;
2246 } else {
2247 /* BB Do we need to wrap sesSem around
2248 * this TCon call and Unix SetFS as
2249 * we do on SessSetup and reconnect? */
2250 rc = CIFSTCon(xid, pSesInfo, volume_info.UNC,
2251 tcon, cifs_sb->local_nls);
2252 cFYI(1, ("CIFS Tcon rc = %d", rc));
2253 if (volume_info.nodfs) {
2254 tcon->Flags &= ~SMB_SHARE_IS_IN_DFS;
2255 cFYI(1, ("DFS disabled (%d)",
2256 tcon->Flags));
2257 }
2258 }
2259 if (rc)
2260 goto mount_fail_check;
2261 tcon->seal = volume_info.seal;
2262 }
2263
2264 /* we can have only one retry value for a connection
2265 to a share so for resources mounted more than once
2266 to the same server share the last value passed in
2267 for the retry flag is used */
2268 tcon->retry = volume_info.retry;
2269 tcon->nocase = volume_info.nocase;
2270 tcon->local_lease = volume_info.local_lease;
2271 }
2272 if (pSesInfo) {
2273 if (pSesInfo->capabilities & CAP_LARGE_FILES) {
2274 sb->s_maxbytes = (u64) 1 << 63;
2275 } else
2276 sb->s_maxbytes = (u64) 1 << 31; /* 2 GB */
2277 }
2278
2279 /* BB FIXME fix time_gran to be larger for LANMAN sessions */
2280 sb->s_time_gran = 100;
2281
2282 mount_fail_check:
2283 /* on error free sesinfo and tcon struct if needed */
2284 if (rc) {
2285 /* If find_unc succeeded then rc == 0 so we can not end */
2286 /* up accidently freeing someone elses tcon struct */
2287 if (tcon)
2288 tconInfoFree(tcon);
2289
2290 /* should also end up putting our tcp session ref if needed */
2291 if (pSesInfo)
2292 cifs_put_smb_ses(pSesInfo);
2293 else
2294 cifs_put_tcp_session(srvTcp);
2295 } else {
2296 atomic_inc(&tcon->useCount);
2297 cifs_sb->tcon = tcon;
2298 tcon->ses = pSesInfo;
2299
2300 /* do not care if following two calls succeed - informational */
2301 if (!tcon->ipc) {
2302 CIFSSMBQFSDeviceInfo(xid, tcon);
2303 CIFSSMBQFSAttributeInfo(xid, tcon);
2304 }
2305
2306 /* tell server which Unix caps we support */
2307 if (tcon->ses->capabilities & CAP_UNIX)
2308 /* reset of caps checks mount to see if unix extensions
2309 disabled for just this mount */
2310 reset_cifs_unix_caps(xid, tcon, sb, &volume_info);
2311 else
2312 tcon->unix_ext = 0; /* server does not support them */
2313
2314 /* convert forward to back slashes in prepath here if needed */
2315 if ((cifs_sb->mnt_cifs_flags & CIFS_MOUNT_POSIX_PATHS) == 0)
2316 convert_delimiter(cifs_sb->prepath,
2317 CIFS_DIR_SEP(cifs_sb));
2318
2319 if ((tcon->unix_ext == 0) && (cifs_sb->rsize > (1024 * 127))) {
2320 cifs_sb->rsize = 1024 * 127;
2321 cFYI(DBG2,
2322 ("no very large read support, rsize now 127K"));
2323 }
2324 if (!(tcon->ses->capabilities & CAP_LARGE_WRITE_X))
2325 cifs_sb->wsize = min(cifs_sb->wsize,
2326 (tcon->ses->server->maxBuf -
2327 MAX_CIFS_HDR_SIZE));
2328 if (!(tcon->ses->capabilities & CAP_LARGE_READ_X))
2329 cifs_sb->rsize = min(cifs_sb->rsize,
2330 (tcon->ses->server->maxBuf -
2331 MAX_CIFS_HDR_SIZE));
2332 }
2333
2334 /* volume_info.password is freed above when existing session found
2335 (in which case it is not needed anymore) but when new sesion is created
2336 the password ptr is put in the new session structure (in which case the
2337 password will be freed at unmount time) */
2338 out:
2339 /* zero out password before freeing */
2340 if (volume_info.password != NULL) {
2341 memset(volume_info.password, 0, strlen(volume_info.password));
2342 kfree(volume_info.password);
2343 }
2344 kfree(volume_info.UNC);
2345 kfree(volume_info.prepath);
2346 FreeXid(xid);
2347 return rc;
2348 }
2349
2350 static int
2351 CIFSSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2352 char session_key[CIFS_SESS_KEY_SIZE],
2353 const struct nls_table *nls_codepage)
2354 {
2355 struct smb_hdr *smb_buffer;
2356 struct smb_hdr *smb_buffer_response;
2357 SESSION_SETUP_ANDX *pSMB;
2358 SESSION_SETUP_ANDX *pSMBr;
2359 char *bcc_ptr;
2360 char *user;
2361 char *domain;
2362 int rc = 0;
2363 int remaining_words = 0;
2364 int bytes_returned = 0;
2365 int len;
2366 __u32 capabilities;
2367 __u16 count;
2368
2369 cFYI(1, ("In sesssetup"));
2370 if (ses == NULL)
2371 return -EINVAL;
2372 user = ses->userName;
2373 domain = ses->domainName;
2374 smb_buffer = cifs_buf_get();
2375
2376 if (smb_buffer == NULL)
2377 return -ENOMEM;
2378
2379 smb_buffer_response = smb_buffer;
2380 pSMBr = pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2381
2382 /* send SMBsessionSetup here */
2383 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2384 NULL /* no tCon exists yet */ , 13 /* wct */ );
2385
2386 smb_buffer->Mid = GetNextMid(ses->server);
2387 pSMB->req_no_secext.AndXCommand = 0xFF;
2388 pSMB->req_no_secext.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2389 pSMB->req_no_secext.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2390
2391 if (ses->server->secMode &
2392 (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2393 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2394
2395 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2396 CAP_LARGE_WRITE_X | CAP_LARGE_READ_X;
2397 if (ses->capabilities & CAP_UNICODE) {
2398 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2399 capabilities |= CAP_UNICODE;
2400 }
2401 if (ses->capabilities & CAP_STATUS32) {
2402 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2403 capabilities |= CAP_STATUS32;
2404 }
2405 if (ses->capabilities & CAP_DFS) {
2406 smb_buffer->Flags2 |= SMBFLG2_DFS;
2407 capabilities |= CAP_DFS;
2408 }
2409 pSMB->req_no_secext.Capabilities = cpu_to_le32(capabilities);
2410
2411 pSMB->req_no_secext.CaseInsensitivePasswordLength =
2412 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2413
2414 pSMB->req_no_secext.CaseSensitivePasswordLength =
2415 cpu_to_le16(CIFS_SESS_KEY_SIZE);
2416 bcc_ptr = pByteArea(smb_buffer);
2417 memcpy(bcc_ptr, (char *) session_key, CIFS_SESS_KEY_SIZE);
2418 bcc_ptr += CIFS_SESS_KEY_SIZE;
2419 memcpy(bcc_ptr, (char *) session_key, CIFS_SESS_KEY_SIZE);
2420 bcc_ptr += CIFS_SESS_KEY_SIZE;
2421
2422 if (ses->capabilities & CAP_UNICODE) {
2423 if ((long) bcc_ptr % 2) { /* must be word aligned for Unicode */
2424 *bcc_ptr = 0;
2425 bcc_ptr++;
2426 }
2427 if (user == NULL)
2428 bytes_returned = 0; /* skip null user */
2429 else
2430 bytes_returned =
2431 cifs_strtoUCS((__le16 *) bcc_ptr, user, 100,
2432 nls_codepage);
2433 /* convert number of 16 bit words to bytes */
2434 bcc_ptr += 2 * bytes_returned;
2435 bcc_ptr += 2; /* trailing null */
2436 if (domain == NULL)
2437 bytes_returned =
2438 cifs_strtoUCS((__le16 *) bcc_ptr,
2439 "CIFS_LINUX_DOM", 32, nls_codepage);
2440 else
2441 bytes_returned =
2442 cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
2443 nls_codepage);
2444 bcc_ptr += 2 * bytes_returned;
2445 bcc_ptr += 2;
2446 bytes_returned =
2447 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2448 32, nls_codepage);
2449 bcc_ptr += 2 * bytes_returned;
2450 bytes_returned =
2451 cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release,
2452 32, nls_codepage);
2453 bcc_ptr += 2 * bytes_returned;
2454 bcc_ptr += 2;
2455 bytes_returned =
2456 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2457 64, nls_codepage);
2458 bcc_ptr += 2 * bytes_returned;
2459 bcc_ptr += 2;
2460 } else {
2461 if (user != NULL) {
2462 strncpy(bcc_ptr, user, 200);
2463 bcc_ptr += strnlen(user, 200);
2464 }
2465 *bcc_ptr = 0;
2466 bcc_ptr++;
2467 if (domain == NULL) {
2468 strcpy(bcc_ptr, "CIFS_LINUX_DOM");
2469 bcc_ptr += strlen("CIFS_LINUX_DOM") + 1;
2470 } else {
2471 strncpy(bcc_ptr, domain, 64);
2472 bcc_ptr += strnlen(domain, 64);
2473 *bcc_ptr = 0;
2474 bcc_ptr++;
2475 }
2476 strcpy(bcc_ptr, "Linux version ");
2477 bcc_ptr += strlen("Linux version ");
2478 strcpy(bcc_ptr, utsname()->release);
2479 bcc_ptr += strlen(utsname()->release) + 1;
2480 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2481 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2482 }
2483 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2484 smb_buffer->smb_buf_length += count;
2485 pSMB->req_no_secext.ByteCount = cpu_to_le16(count);
2486
2487 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2488 &bytes_returned, CIFS_LONG_OP);
2489 if (rc) {
2490 /* rc = map_smb_to_linux_error(smb_buffer_response); now done in SendReceive */
2491 } else if ((smb_buffer_response->WordCount == 3)
2492 || (smb_buffer_response->WordCount == 4)) {
2493 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2494 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2495 if (action & GUEST_LOGIN)
2496 cFYI(1, (" Guest login")); /* BB mark SesInfo struct? */
2497 ses->Suid = smb_buffer_response->Uid; /* UID left in wire format
2498 (little endian) */
2499 cFYI(1, ("UID = %d ", ses->Suid));
2500 /* response can have either 3 or 4 word count - Samba sends 3 */
2501 bcc_ptr = pByteArea(smb_buffer_response);
2502 if ((pSMBr->resp.hdr.WordCount == 3)
2503 || ((pSMBr->resp.hdr.WordCount == 4)
2504 && (blob_len < pSMBr->resp.ByteCount))) {
2505 if (pSMBr->resp.hdr.WordCount == 4)
2506 bcc_ptr += blob_len;
2507
2508 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2509 if ((long) (bcc_ptr) % 2) {
2510 remaining_words =
2511 (BCC(smb_buffer_response) - 1) / 2;
2512 /* Unicode strings must be word
2513 aligned */
2514 bcc_ptr++;
2515 } else {
2516 remaining_words =
2517 BCC(smb_buffer_response) / 2;
2518 }
2519 len =
2520 UniStrnlen((wchar_t *) bcc_ptr,
2521 remaining_words - 1);
2522 /* We look for obvious messed up bcc or strings in response so we do not go off
2523 the end since (at least) WIN2K and Windows XP have a major bug in not null
2524 terminating last Unicode string in response */
2525 if (ses->serverOS)
2526 kfree(ses->serverOS);
2527 ses->serverOS = kzalloc(2 * (len + 1),
2528 GFP_KERNEL);
2529 if (ses->serverOS == NULL)
2530 goto sesssetup_nomem;
2531 cifs_strfromUCS_le(ses->serverOS,
2532 (__le16 *)bcc_ptr,
2533 len, nls_codepage);
2534 bcc_ptr += 2 * (len + 1);
2535 remaining_words -= len + 1;
2536 ses->serverOS[2 * len] = 0;
2537 ses->serverOS[1 + (2 * len)] = 0;
2538 if (remaining_words > 0) {
2539 len = UniStrnlen((wchar_t *)bcc_ptr,
2540 remaining_words-1);
2541 kfree(ses->serverNOS);
2542 ses->serverNOS = kzalloc(2 * (len + 1),
2543 GFP_KERNEL);
2544 if (ses->serverNOS == NULL)
2545 goto sesssetup_nomem;
2546 cifs_strfromUCS_le(ses->serverNOS,
2547 (__le16 *)bcc_ptr,
2548 len, nls_codepage);
2549 bcc_ptr += 2 * (len + 1);
2550 ses->serverNOS[2 * len] = 0;
2551 ses->serverNOS[1 + (2 * len)] = 0;
2552 if (strncmp(ses->serverNOS,
2553 "NT LAN Manager 4", 16) == 0) {
2554 cFYI(1, ("NT4 server"));
2555 ses->flags |= CIFS_SES_NT4;
2556 }
2557 remaining_words -= len + 1;
2558 if (remaining_words > 0) {
2559 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2560 /* last string is not always null terminated
2561 (for e.g. for Windows XP & 2000) */
2562 if (ses->serverDomain)
2563 kfree(ses->serverDomain);
2564 ses->serverDomain =
2565 kzalloc(2*(len+1),
2566 GFP_KERNEL);
2567 if (ses->serverDomain == NULL)
2568 goto sesssetup_nomem;
2569 cifs_strfromUCS_le(ses->serverDomain,
2570 (__le16 *)bcc_ptr,
2571 len, nls_codepage);
2572 bcc_ptr += 2 * (len + 1);
2573 ses->serverDomain[2*len] = 0;
2574 ses->serverDomain[1+(2*len)] = 0;
2575 } else { /* else no more room so create
2576 dummy domain string */
2577 if (ses->serverDomain)
2578 kfree(ses->serverDomain);
2579 ses->serverDomain =
2580 kzalloc(2, GFP_KERNEL);
2581 }
2582 } else { /* no room so create dummy domain
2583 and NOS string */
2584
2585 /* if these kcallocs fail not much we
2586 can do, but better to not fail the
2587 sesssetup itself */
2588 kfree(ses->serverDomain);
2589 ses->serverDomain =
2590 kzalloc(2, GFP_KERNEL);
2591 kfree(ses->serverNOS);
2592 ses->serverNOS =
2593 kzalloc(2, GFP_KERNEL);
2594 }
2595 } else { /* ASCII */
2596 len = strnlen(bcc_ptr, 1024);
2597 if (((long) bcc_ptr + len) - (long)
2598 pByteArea(smb_buffer_response)
2599 <= BCC(smb_buffer_response)) {
2600 kfree(ses->serverOS);
2601 ses->serverOS = kzalloc(len + 1,
2602 GFP_KERNEL);
2603 if (ses->serverOS == NULL)
2604 goto sesssetup_nomem;
2605 strncpy(ses->serverOS, bcc_ptr, len);
2606
2607 bcc_ptr += len;
2608 /* null terminate the string */
2609 bcc_ptr[0] = 0;
2610 bcc_ptr++;
2611
2612 len = strnlen(bcc_ptr, 1024);
2613 kfree(ses->serverNOS);
2614 ses->serverNOS = kzalloc(len + 1,
2615 GFP_KERNEL);
2616 if (ses->serverNOS == NULL)
2617 goto sesssetup_nomem;
2618 strncpy(ses->serverNOS, bcc_ptr, len);
2619 bcc_ptr += len;
2620 bcc_ptr[0] = 0;
2621 bcc_ptr++;
2622
2623 len = strnlen(bcc_ptr, 1024);
2624 if (ses->serverDomain)
2625 kfree(ses->serverDomain);
2626 ses->serverDomain = kzalloc(len + 1,
2627 GFP_KERNEL);
2628 if (ses->serverDomain == NULL)
2629 goto sesssetup_nomem;
2630 strncpy(ses->serverDomain, bcc_ptr,
2631 len);
2632 bcc_ptr += len;
2633 bcc_ptr[0] = 0;
2634 bcc_ptr++;
2635 } else
2636 cFYI(1,
2637 ("Variable field of length %d "
2638 "extends beyond end of smb ",
2639 len));
2640 }
2641 } else {
2642 cERROR(1,
2643 (" Security Blob Length extends beyond "
2644 "end of SMB"));
2645 }
2646 } else {
2647 cERROR(1,
2648 (" Invalid Word count %d: ",
2649 smb_buffer_response->WordCount));
2650 rc = -EIO;
2651 }
2652 sesssetup_nomem: /* do not return an error on nomem for the info strings,
2653 since that could make reconnection harder, and
2654 reconnection might be needed to free memory */
2655 cifs_buf_release(smb_buffer);
2656
2657 return rc;
2658 }
2659
2660 static int
2661 CIFSNTLMSSPNegotiateSessSetup(unsigned int xid,
2662 struct cifsSesInfo *ses, bool *pNTLMv2_flag,
2663 const struct nls_table *nls_codepage)
2664 {
2665 struct smb_hdr *smb_buffer;
2666 struct smb_hdr *smb_buffer_response;
2667 SESSION_SETUP_ANDX *pSMB;
2668 SESSION_SETUP_ANDX *pSMBr;
2669 char *bcc_ptr;
2670 char *domain;
2671 int rc = 0;
2672 int remaining_words = 0;
2673 int bytes_returned = 0;
2674 int len;
2675 int SecurityBlobLength = sizeof(NEGOTIATE_MESSAGE);
2676 PNEGOTIATE_MESSAGE SecurityBlob;
2677 PCHALLENGE_MESSAGE SecurityBlob2;
2678 __u32 negotiate_flags, capabilities;
2679 __u16 count;
2680
2681 cFYI(1, ("In NTLMSSP sesssetup (negotiate)"));
2682 if (ses == NULL)
2683 return -EINVAL;
2684 domain = ses->domainName;
2685 *pNTLMv2_flag = false;
2686 smb_buffer = cifs_buf_get();
2687 if (smb_buffer == NULL) {
2688 return -ENOMEM;
2689 }
2690 smb_buffer_response = smb_buffer;
2691 pSMB = (SESSION_SETUP_ANDX *) smb_buffer;
2692 pSMBr = (SESSION_SETUP_ANDX *) smb_buffer_response;
2693
2694 /* send SMBsessionSetup here */
2695 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
2696 NULL /* no tCon exists yet */ , 12 /* wct */ );
2697
2698 smb_buffer->Mid = GetNextMid(ses->server);
2699 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
2700 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
2701
2702 pSMB->req.AndXCommand = 0xFF;
2703 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
2704 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
2705
2706 if (ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
2707 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
2708
2709 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
2710 CAP_EXTENDED_SECURITY;
2711 if (ses->capabilities & CAP_UNICODE) {
2712 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
2713 capabilities |= CAP_UNICODE;
2714 }
2715 if (ses->capabilities & CAP_STATUS32) {
2716 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
2717 capabilities |= CAP_STATUS32;
2718 }
2719 if (ses->capabilities & CAP_DFS) {
2720 smb_buffer->Flags2 |= SMBFLG2_DFS;
2721 capabilities |= CAP_DFS;
2722 }
2723 pSMB->req.Capabilities = cpu_to_le32(capabilities);
2724
2725 bcc_ptr = (char *) &pSMB->req.SecurityBlob;
2726 SecurityBlob = (PNEGOTIATE_MESSAGE) bcc_ptr;
2727 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
2728 SecurityBlob->MessageType = NtLmNegotiate;
2729 negotiate_flags =
2730 NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_OEM |
2731 NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_NTLM |
2732 NTLMSSP_NEGOTIATE_56 |
2733 /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN | */ NTLMSSP_NEGOTIATE_128;
2734 if (sign_CIFS_PDUs)
2735 negotiate_flags |= NTLMSSP_NEGOTIATE_SIGN;
2736 /* if (ntlmv2_support)
2737 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;*/
2738 /* setup pointers to domain name and workstation name */
2739 bcc_ptr += SecurityBlobLength;
2740
2741 SecurityBlob->WorkstationName.Buffer = 0;
2742 SecurityBlob->WorkstationName.Length = 0;
2743 SecurityBlob->WorkstationName.MaximumLength = 0;
2744
2745 /* Domain not sent on first Sesssetup in NTLMSSP, instead it is sent
2746 along with username on auth request (ie the response to challenge) */
2747 SecurityBlob->DomainName.Buffer = 0;
2748 SecurityBlob->DomainName.Length = 0;
2749 SecurityBlob->DomainName.MaximumLength = 0;
2750 if (ses->capabilities & CAP_UNICODE) {
2751 if ((long) bcc_ptr % 2) {
2752 *bcc_ptr = 0;
2753 bcc_ptr++;
2754 }
2755
2756 bytes_returned =
2757 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
2758 32, nls_codepage);
2759 bcc_ptr += 2 * bytes_returned;
2760 bytes_returned =
2761 cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release, 32,
2762 nls_codepage);
2763 bcc_ptr += 2 * bytes_returned;
2764 bcc_ptr += 2; /* null terminate Linux version */
2765 bytes_returned =
2766 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
2767 64, nls_codepage);
2768 bcc_ptr += 2 * bytes_returned;
2769 *(bcc_ptr + 1) = 0;
2770 *(bcc_ptr + 2) = 0;
2771 bcc_ptr += 2; /* null terminate network opsys string */
2772 *(bcc_ptr + 1) = 0;
2773 *(bcc_ptr + 2) = 0;
2774 bcc_ptr += 2; /* null domain */
2775 } else { /* ASCII */
2776 strcpy(bcc_ptr, "Linux version ");
2777 bcc_ptr += strlen("Linux version ");
2778 strcpy(bcc_ptr, utsname()->release);
2779 bcc_ptr += strlen(utsname()->release) + 1;
2780 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
2781 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
2782 bcc_ptr++; /* empty domain field */
2783 *bcc_ptr = 0;
2784 }
2785 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
2786 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
2787 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
2788 smb_buffer->smb_buf_length += count;
2789 pSMB->req.ByteCount = cpu_to_le16(count);
2790
2791 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
2792 &bytes_returned, CIFS_LONG_OP);
2793
2794 if (smb_buffer_response->Status.CifsError ==
2795 cpu_to_le32(NT_STATUS_MORE_PROCESSING_REQUIRED))
2796 rc = 0;
2797
2798 if (rc) {
2799 /* rc = map_smb_to_linux_error(smb_buffer_response); *//* done in SendReceive now */
2800 } else if ((smb_buffer_response->WordCount == 3)
2801 || (smb_buffer_response->WordCount == 4)) {
2802 __u16 action = le16_to_cpu(pSMBr->resp.Action);
2803 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
2804
2805 if (action & GUEST_LOGIN)
2806 cFYI(1, (" Guest login"));
2807 /* Do we want to set anything in SesInfo struct when guest login? */
2808
2809 bcc_ptr = pByteArea(smb_buffer_response);
2810 /* response can have either 3 or 4 word count - Samba sends 3 */
2811
2812 SecurityBlob2 = (PCHALLENGE_MESSAGE) bcc_ptr;
2813 if (SecurityBlob2->MessageType != NtLmChallenge) {
2814 cFYI(1,
2815 ("Unexpected NTLMSSP message type received %d",
2816 SecurityBlob2->MessageType));
2817 } else if (ses) {
2818 ses->Suid = smb_buffer_response->Uid; /* UID left in le format */
2819 cFYI(1, ("UID = %d", ses->Suid));
2820 if ((pSMBr->resp.hdr.WordCount == 3)
2821 || ((pSMBr->resp.hdr.WordCount == 4)
2822 && (blob_len <
2823 pSMBr->resp.ByteCount))) {
2824
2825 if (pSMBr->resp.hdr.WordCount == 4) {
2826 bcc_ptr += blob_len;
2827 cFYI(1, ("Security Blob Length %d",
2828 blob_len));
2829 }
2830
2831 cFYI(1, ("NTLMSSP Challenge rcvd"));
2832
2833 memcpy(ses->server->cryptKey,
2834 SecurityBlob2->Challenge,
2835 CIFS_CRYPTO_KEY_SIZE);
2836 if (SecurityBlob2->NegotiateFlags &
2837 cpu_to_le32(NTLMSSP_NEGOTIATE_NTLMV2))
2838 *pNTLMv2_flag = true;
2839
2840 if ((SecurityBlob2->NegotiateFlags &
2841 cpu_to_le32(NTLMSSP_NEGOTIATE_ALWAYS_SIGN))
2842 || (sign_CIFS_PDUs > 1))
2843 ses->server->secMode |=
2844 SECMODE_SIGN_REQUIRED;
2845 if ((SecurityBlob2->NegotiateFlags &
2846 cpu_to_le32(NTLMSSP_NEGOTIATE_SIGN)) && (sign_CIFS_PDUs))
2847 ses->server->secMode |=
2848 SECMODE_SIGN_ENABLED;
2849
2850 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
2851 if ((long) (bcc_ptr) % 2) {
2852 remaining_words =
2853 (BCC(smb_buffer_response)
2854 - 1) / 2;
2855 /* Must word align unicode strings */
2856 bcc_ptr++;
2857 } else {
2858 remaining_words =
2859 BCC
2860 (smb_buffer_response) / 2;
2861 }
2862 len =
2863 UniStrnlen((wchar_t *) bcc_ptr,
2864 remaining_words - 1);
2865 /* We look for obvious messed up bcc or strings in response so we do not go off
2866 the end since (at least) WIN2K and Windows XP have a major bug in not null
2867 terminating last Unicode string in response */
2868 if (ses->serverOS)
2869 kfree(ses->serverOS);
2870 ses->serverOS =
2871 kzalloc(2 * (len + 1), GFP_KERNEL);
2872 cifs_strfromUCS_le(ses->serverOS,
2873 (__le16 *)
2874 bcc_ptr, len,
2875 nls_codepage);
2876 bcc_ptr += 2 * (len + 1);
2877 remaining_words -= len + 1;
2878 ses->serverOS[2 * len] = 0;
2879 ses->serverOS[1 + (2 * len)] = 0;
2880 if (remaining_words > 0) {
2881 len = UniStrnlen((wchar_t *)
2882 bcc_ptr,
2883 remaining_words
2884 - 1);
2885 kfree(ses->serverNOS);
2886 ses->serverNOS =
2887 kzalloc(2 * (len + 1),
2888 GFP_KERNEL);
2889 cifs_strfromUCS_le(ses->
2890 serverNOS,
2891 (__le16 *)
2892 bcc_ptr,
2893 len,
2894 nls_codepage);
2895 bcc_ptr += 2 * (len + 1);
2896 ses->serverNOS[2 * len] = 0;
2897 ses->serverNOS[1 +
2898 (2 * len)] = 0;
2899 remaining_words -= len + 1;
2900 if (remaining_words > 0) {
2901 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
2902 /* last string not always null terminated
2903 (for e.g. for Windows XP & 2000) */
2904 kfree(ses->serverDomain);
2905 ses->serverDomain =
2906 kzalloc(2 *
2907 (len +
2908 1),
2909 GFP_KERNEL);
2910 cifs_strfromUCS_le
2911 (ses->serverDomain,
2912 (__le16 *)bcc_ptr,
2913 len, nls_codepage);
2914 bcc_ptr +=
2915 2 * (len + 1);
2916 ses->serverDomain[2*len]
2917 = 0;
2918 ses->serverDomain
2919 [1 + (2 * len)]
2920 = 0;
2921 } /* else no more room so create dummy domain string */
2922 else {
2923 kfree(ses->serverDomain);
2924 ses->serverDomain =
2925 kzalloc(2,
2926 GFP_KERNEL);
2927 }
2928 } else { /* no room so create dummy domain and NOS string */
2929 kfree(ses->serverDomain);
2930 ses->serverDomain =
2931 kzalloc(2, GFP_KERNEL);
2932 kfree(ses->serverNOS);
2933 ses->serverNOS =
2934 kzalloc(2, GFP_KERNEL);
2935 }
2936 } else { /* ASCII */
2937 len = strnlen(bcc_ptr, 1024);
2938 if (((long) bcc_ptr + len) - (long)
2939 pByteArea(smb_buffer_response)
2940 <= BCC(smb_buffer_response)) {
2941 if (ses->serverOS)
2942 kfree(ses->serverOS);
2943 ses->serverOS =
2944 kzalloc(len + 1,
2945 GFP_KERNEL);
2946 strncpy(ses->serverOS,
2947 bcc_ptr, len);
2948
2949 bcc_ptr += len;
2950 bcc_ptr[0] = 0; /* null terminate string */
2951 bcc_ptr++;
2952
2953 len = strnlen(bcc_ptr, 1024);
2954 kfree(ses->serverNOS);
2955 ses->serverNOS =
2956 kzalloc(len + 1,
2957 GFP_KERNEL);
2958 strncpy(ses->serverNOS, bcc_ptr, len);
2959 bcc_ptr += len;
2960 bcc_ptr[0] = 0;
2961 bcc_ptr++;
2962
2963 len = strnlen(bcc_ptr, 1024);
2964 kfree(ses->serverDomain);
2965 ses->serverDomain =
2966 kzalloc(len + 1,
2967 GFP_KERNEL);
2968 strncpy(ses->serverDomain,
2969 bcc_ptr, len);
2970 bcc_ptr += len;
2971 bcc_ptr[0] = 0;
2972 bcc_ptr++;
2973 } else
2974 cFYI(1,
2975 ("field of length %d "
2976 "extends beyond end of smb",
2977 len));
2978 }
2979 } else {
2980 cERROR(1, ("Security Blob Length extends beyond"
2981 " end of SMB"));
2982 }
2983 } else {
2984 cERROR(1, ("No session structure passed in."));
2985 }
2986 } else {
2987 cERROR(1,
2988 (" Invalid Word count %d:",
2989 smb_buffer_response->WordCount));
2990 rc = -EIO;
2991 }
2992
2993 cifs_buf_release(smb_buffer);
2994
2995 return rc;
2996 }
2997 static int
2998 CIFSNTLMSSPAuthSessSetup(unsigned int xid, struct cifsSesInfo *ses,
2999 char *ntlm_session_key, bool ntlmv2_flag,
3000 const struct nls_table *nls_codepage)
3001 {
3002 struct smb_hdr *smb_buffer;
3003 struct smb_hdr *smb_buffer_response;
3004 SESSION_SETUP_ANDX *pSMB;
3005 SESSION_SETUP_ANDX *pSMBr;
3006 char *bcc_ptr;
3007 char *user;
3008 char *domain;
3009 int rc = 0;
3010 int remaining_words = 0;
3011 int bytes_returned = 0;
3012 int len;
3013 int SecurityBlobLength = sizeof(AUTHENTICATE_MESSAGE);
3014 PAUTHENTICATE_MESSAGE SecurityBlob;
3015 __u32 negotiate_flags, capabilities;
3016 __u16 count;
3017
3018 cFYI(1, ("In NTLMSSPSessSetup (Authenticate)"));
3019 if (ses == NULL)
3020 return -EINVAL;
3021 user = ses->userName;
3022 domain = ses->domainName;
3023 smb_buffer = cifs_buf_get();
3024 if (smb_buffer == NULL) {
3025 return -ENOMEM;
3026 }
3027 smb_buffer_response = smb_buffer;
3028 pSMB = (SESSION_SETUP_ANDX *)smb_buffer;
3029 pSMBr = (SESSION_SETUP_ANDX *)smb_buffer_response;
3030
3031 /* send SMBsessionSetup here */
3032 header_assemble(smb_buffer, SMB_COM_SESSION_SETUP_ANDX,
3033 NULL /* no tCon exists yet */ , 12 /* wct */ );
3034
3035 smb_buffer->Mid = GetNextMid(ses->server);
3036 pSMB->req.hdr.Flags |= (SMBFLG_CASELESS | SMBFLG_CANONICAL_PATH_FORMAT);
3037 pSMB->req.hdr.Flags2 |= SMBFLG2_EXT_SEC;
3038 pSMB->req.AndXCommand = 0xFF;
3039 pSMB->req.MaxBufferSize = cpu_to_le16(ses->server->maxBuf);
3040 pSMB->req.MaxMpxCount = cpu_to_le16(ses->server->maxReq);
3041
3042 pSMB->req.hdr.Uid = ses->Suid;
3043
3044 if (ses->server->secMode & (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
3045 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3046
3047 capabilities = CAP_LARGE_FILES | CAP_NT_SMBS | CAP_LEVEL_II_OPLOCKS |
3048 CAP_EXTENDED_SECURITY;
3049 if (ses->capabilities & CAP_UNICODE) {
3050 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3051 capabilities |= CAP_UNICODE;
3052 }
3053 if (ses->capabilities & CAP_STATUS32) {
3054 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3055 capabilities |= CAP_STATUS32;
3056 }
3057 if (ses->capabilities & CAP_DFS) {
3058 smb_buffer->Flags2 |= SMBFLG2_DFS;
3059 capabilities |= CAP_DFS;
3060 }
3061 pSMB->req.Capabilities = cpu_to_le32(capabilities);
3062
3063 bcc_ptr = (char *)&pSMB->req.SecurityBlob;
3064 SecurityBlob = (PAUTHENTICATE_MESSAGE)bcc_ptr;
3065 strncpy(SecurityBlob->Signature, NTLMSSP_SIGNATURE, 8);
3066 SecurityBlob->MessageType = NtLmAuthenticate;
3067 bcc_ptr += SecurityBlobLength;
3068 negotiate_flags = NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_REQUEST_TARGET |
3069 NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_TARGET_INFO |
3070 0x80000000 | NTLMSSP_NEGOTIATE_128;
3071 if (sign_CIFS_PDUs)
3072 negotiate_flags |= /* NTLMSSP_NEGOTIATE_ALWAYS_SIGN |*/ NTLMSSP_NEGOTIATE_SIGN;
3073 if (ntlmv2_flag)
3074 negotiate_flags |= NTLMSSP_NEGOTIATE_NTLMV2;
3075
3076 /* setup pointers to domain name and workstation name */
3077
3078 SecurityBlob->WorkstationName.Buffer = 0;
3079 SecurityBlob->WorkstationName.Length = 0;
3080 SecurityBlob->WorkstationName.MaximumLength = 0;
3081 SecurityBlob->SessionKey.Length = 0;
3082 SecurityBlob->SessionKey.MaximumLength = 0;
3083 SecurityBlob->SessionKey.Buffer = 0;
3084
3085 SecurityBlob->LmChallengeResponse.Length = 0;
3086 SecurityBlob->LmChallengeResponse.MaximumLength = 0;
3087 SecurityBlob->LmChallengeResponse.Buffer = 0;
3088
3089 SecurityBlob->NtChallengeResponse.Length =
3090 cpu_to_le16(CIFS_SESS_KEY_SIZE);
3091 SecurityBlob->NtChallengeResponse.MaximumLength =
3092 cpu_to_le16(CIFS_SESS_KEY_SIZE);
3093 memcpy(bcc_ptr, ntlm_session_key, CIFS_SESS_KEY_SIZE);
3094 SecurityBlob->NtChallengeResponse.Buffer =
3095 cpu_to_le32(SecurityBlobLength);
3096 SecurityBlobLength += CIFS_SESS_KEY_SIZE;
3097 bcc_ptr += CIFS_SESS_KEY_SIZE;
3098
3099 if (ses->capabilities & CAP_UNICODE) {
3100 if (domain == NULL) {
3101 SecurityBlob->DomainName.Buffer = 0;
3102 SecurityBlob->DomainName.Length = 0;
3103 SecurityBlob->DomainName.MaximumLength = 0;
3104 } else {
3105 __u16 ln = cifs_strtoUCS((__le16 *) bcc_ptr, domain, 64,
3106 nls_codepage);
3107 ln *= 2;
3108 SecurityBlob->DomainName.MaximumLength =
3109 cpu_to_le16(ln);
3110 SecurityBlob->DomainName.Buffer =
3111 cpu_to_le32(SecurityBlobLength);
3112 bcc_ptr += ln;
3113 SecurityBlobLength += ln;
3114 SecurityBlob->DomainName.Length = cpu_to_le16(ln);
3115 }
3116 if (user == NULL) {
3117 SecurityBlob->UserName.Buffer = 0;
3118 SecurityBlob->UserName.Length = 0;
3119 SecurityBlob->UserName.MaximumLength = 0;
3120 } else {
3121 __u16 ln = cifs_strtoUCS((__le16 *) bcc_ptr, user, 64,
3122 nls_codepage);
3123 ln *= 2;
3124 SecurityBlob->UserName.MaximumLength =
3125 cpu_to_le16(ln);
3126 SecurityBlob->UserName.Buffer =
3127 cpu_to_le32(SecurityBlobLength);
3128 bcc_ptr += ln;
3129 SecurityBlobLength += ln;
3130 SecurityBlob->UserName.Length = cpu_to_le16(ln);
3131 }
3132
3133 /* SecurityBlob->WorkstationName.Length =
3134 cifs_strtoUCS((__le16 *) bcc_ptr, "AMACHINE",64, nls_codepage);
3135 SecurityBlob->WorkstationName.Length *= 2;
3136 SecurityBlob->WorkstationName.MaximumLength =
3137 cpu_to_le16(SecurityBlob->WorkstationName.Length);
3138 SecurityBlob->WorkstationName.Buffer =
3139 cpu_to_le32(SecurityBlobLength);
3140 bcc_ptr += SecurityBlob->WorkstationName.Length;
3141 SecurityBlobLength += SecurityBlob->WorkstationName.Length;
3142 SecurityBlob->WorkstationName.Length =
3143 cpu_to_le16(SecurityBlob->WorkstationName.Length); */
3144
3145 if ((long) bcc_ptr % 2) {
3146 *bcc_ptr = 0;
3147 bcc_ptr++;
3148 }
3149 bytes_returned =
3150 cifs_strtoUCS((__le16 *) bcc_ptr, "Linux version ",
3151 32, nls_codepage);
3152 bcc_ptr += 2 * bytes_returned;
3153 bytes_returned =
3154 cifs_strtoUCS((__le16 *) bcc_ptr, utsname()->release, 32,
3155 nls_codepage);
3156 bcc_ptr += 2 * bytes_returned;
3157 bcc_ptr += 2; /* null term version string */
3158 bytes_returned =
3159 cifs_strtoUCS((__le16 *) bcc_ptr, CIFS_NETWORK_OPSYS,
3160 64, nls_codepage);
3161 bcc_ptr += 2 * bytes_returned;
3162 *(bcc_ptr + 1) = 0;
3163 *(bcc_ptr + 2) = 0;
3164 bcc_ptr += 2; /* null terminate network opsys string */
3165 *(bcc_ptr + 1) = 0;
3166 *(bcc_ptr + 2) = 0;
3167 bcc_ptr += 2; /* null domain */
3168 } else { /* ASCII */
3169 if (domain == NULL) {
3170 SecurityBlob->DomainName.Buffer = 0;
3171 SecurityBlob->DomainName.Length = 0;
3172 SecurityBlob->DomainName.MaximumLength = 0;
3173 } else {
3174 __u16 ln;
3175 negotiate_flags |= NTLMSSP_NEGOTIATE_DOMAIN_SUPPLIED;
3176 strncpy(bcc_ptr, domain, 63);
3177 ln = strnlen(domain, 64);
3178 SecurityBlob->DomainName.MaximumLength =
3179 cpu_to_le16(ln);
3180 SecurityBlob->DomainName.Buffer =
3181 cpu_to_le32(SecurityBlobLength);
3182 bcc_ptr += ln;
3183 SecurityBlobLength += ln;
3184 SecurityBlob->DomainName.Length = cpu_to_le16(ln);
3185 }
3186 if (user == NULL) {
3187 SecurityBlob->UserName.Buffer = 0;
3188 SecurityBlob->UserName.Length = 0;
3189 SecurityBlob->UserName.MaximumLength = 0;
3190 } else {
3191 __u16 ln;
3192 strncpy(bcc_ptr, user, 63);
3193 ln = strnlen(user, 64);
3194 SecurityBlob->UserName.MaximumLength = cpu_to_le16(ln);
3195 SecurityBlob->UserName.Buffer =
3196 cpu_to_le32(SecurityBlobLength);
3197 bcc_ptr += ln;
3198 SecurityBlobLength += ln;
3199 SecurityBlob->UserName.Length = cpu_to_le16(ln);
3200 }
3201 /* BB fill in our workstation name if known BB */
3202
3203 strcpy(bcc_ptr, "Linux version ");
3204 bcc_ptr += strlen("Linux version ");
3205 strcpy(bcc_ptr, utsname()->release);
3206 bcc_ptr += strlen(utsname()->release) + 1;
3207 strcpy(bcc_ptr, CIFS_NETWORK_OPSYS);
3208 bcc_ptr += strlen(CIFS_NETWORK_OPSYS) + 1;
3209 bcc_ptr++; /* null domain */
3210 *bcc_ptr = 0;
3211 }
3212 SecurityBlob->NegotiateFlags = cpu_to_le32(negotiate_flags);
3213 pSMB->req.SecurityBlobLength = cpu_to_le16(SecurityBlobLength);
3214 count = (long) bcc_ptr - (long) pByteArea(smb_buffer);
3215 smb_buffer->smb_buf_length += count;
3216 pSMB->req.ByteCount = cpu_to_le16(count);
3217
3218 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response,
3219 &bytes_returned, CIFS_LONG_OP);
3220 if (rc) {
3221 /* rc = map_smb_to_linux_error(smb_buffer_response) done in SendReceive now */
3222 } else if ((smb_buffer_response->WordCount == 3) ||
3223 (smb_buffer_response->WordCount == 4)) {
3224 __u16 action = le16_to_cpu(pSMBr->resp.Action);
3225 __u16 blob_len = le16_to_cpu(pSMBr->resp.SecurityBlobLength);
3226 if (action & GUEST_LOGIN)
3227 cFYI(1, (" Guest login")); /* BB Should we set anything
3228 in SesInfo struct ? */
3229 /* if (SecurityBlob2->MessageType != NtLm??) {
3230 cFYI("Unexpected message type on auth response is %d"));
3231 } */
3232
3233 if (ses) {
3234 cFYI(1,
3235 ("Check challenge UID %d vs auth response UID %d",
3236 ses->Suid, smb_buffer_response->Uid));
3237 /* UID left in wire format */
3238 ses->Suid = smb_buffer_response->Uid;
3239 bcc_ptr = pByteArea(smb_buffer_response);
3240 /* response can have either 3 or 4 word count - Samba sends 3 */
3241 if ((pSMBr->resp.hdr.WordCount == 3)
3242 || ((pSMBr->resp.hdr.WordCount == 4)
3243 && (blob_len <
3244 pSMBr->resp.ByteCount))) {
3245 if (pSMBr->resp.hdr.WordCount == 4) {
3246 bcc_ptr +=
3247 blob_len;
3248 cFYI(1,
3249 ("Security Blob Length %d ",
3250 blob_len));
3251 }
3252
3253 cFYI(1,
3254 ("NTLMSSP response to Authenticate "));
3255
3256 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3257 if ((long) (bcc_ptr) % 2) {
3258 remaining_words =
3259 (BCC(smb_buffer_response)
3260 - 1) / 2;
3261 bcc_ptr++; /* Unicode strings must be word aligned */
3262 } else {
3263 remaining_words = BCC(smb_buffer_response) / 2;
3264 }
3265 len = UniStrnlen((wchar_t *) bcc_ptr,
3266 remaining_words - 1);
3267 /* We look for obvious messed up bcc or strings in response so we do not go off
3268 the end since (at least) WIN2K and Windows XP have a major bug in not null
3269 terminating last Unicode string in response */
3270 if (ses->serverOS)
3271 kfree(ses->serverOS);
3272 ses->serverOS =
3273 kzalloc(2 * (len + 1), GFP_KERNEL);
3274 cifs_strfromUCS_le(ses->serverOS,
3275 (__le16 *)
3276 bcc_ptr, len,
3277 nls_codepage);
3278 bcc_ptr += 2 * (len + 1);
3279 remaining_words -= len + 1;
3280 ses->serverOS[2 * len] = 0;
3281 ses->serverOS[1 + (2 * len)] = 0;
3282 if (remaining_words > 0) {
3283 len = UniStrnlen((wchar_t *)
3284 bcc_ptr,
3285 remaining_words
3286 - 1);
3287 kfree(ses->serverNOS);
3288 ses->serverNOS =
3289 kzalloc(2 * (len + 1),
3290 GFP_KERNEL);
3291 cifs_strfromUCS_le(ses->
3292 serverNOS,
3293 (__le16 *)
3294 bcc_ptr,
3295 len,
3296 nls_codepage);
3297 bcc_ptr += 2 * (len + 1);
3298 ses->serverNOS[2 * len] = 0;
3299 ses->serverNOS[1+(2*len)] = 0;
3300 remaining_words -= len + 1;
3301 if (remaining_words > 0) {
3302 len = UniStrnlen((wchar_t *) bcc_ptr, remaining_words);
3303 /* last string not always null terminated (e.g. for Windows XP & 2000) */
3304 if (ses->serverDomain)
3305 kfree(ses->serverDomain);
3306 ses->serverDomain =
3307 kzalloc(2 *
3308 (len +
3309 1),
3310 GFP_KERNEL);
3311 cifs_strfromUCS_le
3312 (ses->
3313 serverDomain,
3314 (__le16 *)
3315 bcc_ptr, len,
3316 nls_codepage);
3317 bcc_ptr +=
3318 2 * (len + 1);
3319 ses->
3320 serverDomain[2
3321 * len]
3322 = 0;
3323 ses->
3324 serverDomain[1
3325 +
3326 (2
3327 *
3328 len)]
3329 = 0;
3330 } /* else no more room so create dummy domain string */
3331 else {
3332 if (ses->serverDomain)
3333 kfree(ses->serverDomain);
3334 ses->serverDomain = kzalloc(2,GFP_KERNEL);
3335 }
3336 } else { /* no room so create dummy domain and NOS string */
3337 if (ses->serverDomain)
3338 kfree(ses->serverDomain);
3339 ses->serverDomain = kzalloc(2, GFP_KERNEL);
3340 kfree(ses->serverNOS);
3341 ses->serverNOS = kzalloc(2, GFP_KERNEL);
3342 }
3343 } else { /* ASCII */
3344 len = strnlen(bcc_ptr, 1024);
3345 if (((long) bcc_ptr + len) -
3346 (long) pByteArea(smb_buffer_response)
3347 <= BCC(smb_buffer_response)) {
3348 if (ses->serverOS)
3349 kfree(ses->serverOS);
3350 ses->serverOS = kzalloc(len + 1, GFP_KERNEL);
3351 strncpy(ses->serverOS,bcc_ptr, len);
3352
3353 bcc_ptr += len;
3354 bcc_ptr[0] = 0; /* null terminate the string */
3355 bcc_ptr++;
3356
3357 len = strnlen(bcc_ptr, 1024);
3358 kfree(ses->serverNOS);
3359 ses->serverNOS = kzalloc(len+1,
3360 GFP_KERNEL);
3361 strncpy(ses->serverNOS,
3362 bcc_ptr, len);
3363 bcc_ptr += len;
3364 bcc_ptr[0] = 0;
3365 bcc_ptr++;
3366
3367 len = strnlen(bcc_ptr, 1024);
3368 if (ses->serverDomain)
3369 kfree(ses->serverDomain);
3370 ses->serverDomain =
3371 kzalloc(len+1,
3372 GFP_KERNEL);
3373 strncpy(ses->serverDomain,
3374 bcc_ptr, len);
3375 bcc_ptr += len;
3376 bcc_ptr[0] = 0;
3377 bcc_ptr++;
3378 } else
3379 cFYI(1, ("field of length %d "
3380 "extends beyond end of smb ",
3381 len));
3382 }
3383 } else {
3384 cERROR(1, ("Security Blob extends beyond end "
3385 "of SMB"));
3386 }
3387 } else {
3388 cERROR(1, ("No session structure passed in."));
3389 }
3390 } else {
3391 cERROR(1, ("Invalid Word count %d: ",
3392 smb_buffer_response->WordCount));
3393 rc = -EIO;
3394 }
3395
3396 cifs_buf_release(smb_buffer);
3397
3398 return rc;
3399 }
3400
3401 int
3402 CIFSTCon(unsigned int xid, struct cifsSesInfo *ses,
3403 const char *tree, struct cifsTconInfo *tcon,
3404 const struct nls_table *nls_codepage)
3405 {
3406 struct smb_hdr *smb_buffer;
3407 struct smb_hdr *smb_buffer_response;
3408 TCONX_REQ *pSMB;
3409 TCONX_RSP *pSMBr;
3410 unsigned char *bcc_ptr;
3411 int rc = 0;
3412 int length;
3413 __u16 count;
3414
3415 if (ses == NULL)
3416 return -EIO;
3417
3418 smb_buffer = cifs_buf_get();
3419 if (smb_buffer == NULL) {
3420 return -ENOMEM;
3421 }
3422 smb_buffer_response = smb_buffer;
3423
3424 header_assemble(smb_buffer, SMB_COM_TREE_CONNECT_ANDX,
3425 NULL /*no tid */ , 4 /*wct */ );
3426
3427 smb_buffer->Mid = GetNextMid(ses->server);
3428 smb_buffer->Uid = ses->Suid;
3429 pSMB = (TCONX_REQ *) smb_buffer;
3430 pSMBr = (TCONX_RSP *) smb_buffer_response;
3431
3432 pSMB->AndXCommand = 0xFF;
3433 pSMB->Flags = cpu_to_le16(TCON_EXTENDED_SECINFO);
3434 bcc_ptr = &pSMB->Password[0];
3435 if ((ses->server->secMode) & SECMODE_USER) {
3436 pSMB->PasswordLength = cpu_to_le16(1); /* minimum */
3437 *bcc_ptr = 0; /* password is null byte */
3438 bcc_ptr++; /* skip password */
3439 /* already aligned so no need to do it below */
3440 } else {
3441 pSMB->PasswordLength = cpu_to_le16(CIFS_SESS_KEY_SIZE);
3442 /* BB FIXME add code to fail this if NTLMv2 or Kerberos
3443 specified as required (when that support is added to
3444 the vfs in the future) as only NTLM or the much
3445 weaker LANMAN (which we do not send by default) is accepted
3446 by Samba (not sure whether other servers allow
3447 NTLMv2 password here) */
3448 #ifdef CONFIG_CIFS_WEAK_PW_HASH
3449 if ((extended_security & CIFSSEC_MAY_LANMAN) &&
3450 (ses->server->secType == LANMAN))
3451 calc_lanman_hash(ses, bcc_ptr);
3452 else
3453 #endif /* CIFS_WEAK_PW_HASH */
3454 SMBNTencrypt(ses->password,
3455 ses->server->cryptKey,
3456 bcc_ptr);
3457
3458 bcc_ptr += CIFS_SESS_KEY_SIZE;
3459 if (ses->capabilities & CAP_UNICODE) {
3460 /* must align unicode strings */
3461 *bcc_ptr = 0; /* null byte password */
3462 bcc_ptr++;
3463 }
3464 }
3465
3466 if (ses->server->secMode &
3467 (SECMODE_SIGN_REQUIRED | SECMODE_SIGN_ENABLED))
3468 smb_buffer->Flags2 |= SMBFLG2_SECURITY_SIGNATURE;
3469
3470 if (ses->capabilities & CAP_STATUS32) {
3471 smb_buffer->Flags2 |= SMBFLG2_ERR_STATUS;
3472 }
3473 if (ses->capabilities & CAP_DFS) {
3474 smb_buffer->Flags2 |= SMBFLG2_DFS;
3475 }
3476 if (ses->capabilities & CAP_UNICODE) {
3477 smb_buffer->Flags2 |= SMBFLG2_UNICODE;
3478 length =
3479 cifs_strtoUCS((__le16 *) bcc_ptr, tree,
3480 6 /* max utf8 char length in bytes */ *
3481 (/* server len*/ + 256 /* share len */), nls_codepage);
3482 bcc_ptr += 2 * length; /* convert num 16 bit words to bytes */
3483 bcc_ptr += 2; /* skip trailing null */
3484 } else { /* ASCII */
3485 strcpy(bcc_ptr, tree);
3486 bcc_ptr += strlen(tree) + 1;
3487 }
3488 strcpy(bcc_ptr, "?????");
3489 bcc_ptr += strlen("?????");
3490 bcc_ptr += 1;
3491 count = bcc_ptr - &pSMB->Password[0];
3492 pSMB->hdr.smb_buf_length += count;
3493 pSMB->ByteCount = cpu_to_le16(count);
3494
3495 rc = SendReceive(xid, ses, smb_buffer, smb_buffer_response, &length,
3496 CIFS_STD_OP);
3497
3498 /* if (rc) rc = map_smb_to_linux_error(smb_buffer_response); */
3499 /* above now done in SendReceive */
3500 if ((rc == 0) && (tcon != NULL)) {
3501 tcon->tidStatus = CifsGood;
3502 tcon->need_reconnect = false;
3503 tcon->tid = smb_buffer_response->Tid;
3504 bcc_ptr = pByteArea(smb_buffer_response);
3505 length = strnlen(bcc_ptr, BCC(smb_buffer_response) - 2);
3506 /* skip service field (NB: this field is always ASCII) */
3507 if (length == 3) {
3508 if ((bcc_ptr[0] == 'I') && (bcc_ptr[1] == 'P') &&
3509 (bcc_ptr[2] == 'C')) {
3510 cFYI(1, ("IPC connection"));
3511 tcon->ipc = 1;
3512 }
3513 } else if (length == 2) {
3514 if ((bcc_ptr[0] == 'A') && (bcc_ptr[1] == ':')) {
3515 /* the most common case */
3516 cFYI(1, ("disk share connection"));
3517 }
3518 }
3519 bcc_ptr += length + 1;
3520 strncpy(tcon->treeName, tree, MAX_TREE_SIZE);
3521 if (smb_buffer->Flags2 & SMBFLG2_UNICODE) {
3522 length = UniStrnlen((wchar_t *) bcc_ptr, 512);
3523 if ((bcc_ptr + (2 * length)) -
3524 pByteArea(smb_buffer_response) <=
3525 BCC(smb_buffer_response)) {
3526 kfree(tcon->nativeFileSystem);
3527 tcon->nativeFileSystem =
3528 kzalloc(length + 2, GFP_KERNEL);
3529 if (tcon->nativeFileSystem)
3530 cifs_strfromUCS_le(
3531 tcon->nativeFileSystem,
3532 (__le16 *) bcc_ptr,
3533 length, nls_codepage);
3534 bcc_ptr += 2 * length;
3535 bcc_ptr[0] = 0; /* null terminate the string */
3536 bcc_ptr[1] = 0;
3537 bcc_ptr += 2;
3538 }
3539 /* else do not bother copying these information fields*/
3540 } else {
3541 length = strnlen(bcc_ptr, 1024);
3542 if ((bcc_ptr + length) -
3543 pByteArea(smb_buffer_response) <=
3544 BCC(smb_buffer_response)) {
3545 kfree(tcon->nativeFileSystem);
3546 tcon->nativeFileSystem =
3547 kzalloc(length + 1, GFP_KERNEL);
3548 if (tcon->nativeFileSystem)
3549 strncpy(tcon->nativeFileSystem, bcc_ptr,
3550 length);
3551 }
3552 /* else do not bother copying these information fields*/
3553 }
3554 if ((smb_buffer_response->WordCount == 3) ||
3555 (smb_buffer_response->WordCount == 7))
3556 /* field is in same location */
3557 tcon->Flags = le16_to_cpu(pSMBr->OptionalSupport);
3558 else
3559 tcon->Flags = 0;
3560 cFYI(1, ("Tcon flags: 0x%x ", tcon->Flags));
3561 } else if ((rc == 0) && tcon == NULL) {
3562 /* all we need to save for IPC$ connection */
3563 ses->ipc_tid = smb_buffer_response->Tid;
3564 }
3565
3566 cifs_buf_release(smb_buffer);
3567 return rc;
3568 }
3569
3570 int
3571 cifs_umount(struct super_block *sb, struct cifs_sb_info *cifs_sb)
3572 {
3573 int rc = 0;
3574 int xid;
3575 struct cifsSesInfo *ses = NULL;
3576 char *tmp;
3577
3578 xid = GetXid();
3579
3580 if (cifs_sb->tcon) {
3581 ses = cifs_sb->tcon->ses; /* save ptr to ses before delete tcon!*/
3582 rc = CIFSSMBTDis(xid, cifs_sb->tcon);
3583 if (rc == -EBUSY) {
3584 FreeXid(xid);
3585 return 0;
3586 }
3587 DeleteTconOplockQEntries(cifs_sb->tcon);
3588 tconInfoFree(cifs_sb->tcon);
3589 cifs_put_smb_ses(ses);
3590 }
3591
3592 cifs_sb->tcon = NULL;
3593 tmp = cifs_sb->prepath;
3594 cifs_sb->prepathlen = 0;
3595 cifs_sb->prepath = NULL;
3596 kfree(tmp);
3597
3598 FreeXid(xid);
3599 return rc;
3600 }
3601
3602 int cifs_setup_session(unsigned int xid, struct cifsSesInfo *pSesInfo,
3603 struct nls_table *nls_info)
3604 {
3605 int rc = 0;
3606 char ntlm_session_key[CIFS_SESS_KEY_SIZE];
3607 bool ntlmv2_flag = false;
3608 int first_time = 0;
3609 struct TCP_Server_Info *server = pSesInfo->server;
3610
3611 /* what if server changes its buffer size after dropping the session? */
3612 if (server->maxBuf == 0) /* no need to send on reconnect */ {
3613 rc = CIFSSMBNegotiate(xid, pSesInfo);
3614 if (rc == -EAGAIN) {
3615 /* retry only once on 1st time connection */
3616 rc = CIFSSMBNegotiate(xid, pSesInfo);
3617 if (rc == -EAGAIN)
3618 rc = -EHOSTDOWN;
3619 }
3620 if (rc == 0) {
3621 spin_lock(&GlobalMid_Lock);
3622 if (server->tcpStatus != CifsExiting)
3623 server->tcpStatus = CifsGood;
3624 else
3625 rc = -EHOSTDOWN;
3626 spin_unlock(&GlobalMid_Lock);
3627
3628 }
3629 first_time = 1;
3630 }
3631
3632 if (rc)
3633 goto ss_err_exit;
3634
3635 pSesInfo->flags = 0;
3636 pSesInfo->capabilities = server->capabilities;
3637 if (linuxExtEnabled == 0)
3638 pSesInfo->capabilities &= (~CAP_UNIX);
3639 /* pSesInfo->sequence_number = 0;*/
3640 cFYI(1, ("Security Mode: 0x%x Capabilities: 0x%x TimeAdjust: %d",
3641 server->secMode, server->capabilities, server->timeAdj));
3642
3643 if (experimEnabled < 2)
3644 rc = CIFS_SessSetup(xid, pSesInfo, first_time, nls_info);
3645 else if (extended_security
3646 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3647 && (server->secType == NTLMSSP)) {
3648 rc = -EOPNOTSUPP;
3649 } else if (extended_security
3650 && (pSesInfo->capabilities & CAP_EXTENDED_SECURITY)
3651 && (server->secType == RawNTLMSSP)) {
3652 cFYI(1, ("NTLMSSP sesssetup"));
3653 rc = CIFSNTLMSSPNegotiateSessSetup(xid, pSesInfo, &ntlmv2_flag,
3654 nls_info);
3655 if (!rc) {
3656 if (ntlmv2_flag) {
3657 char *v2_response;
3658 cFYI(1, ("more secure NTLM ver2 hash"));
3659 if (CalcNTLMv2_partial_mac_key(pSesInfo,
3660 nls_info)) {
3661 rc = -ENOMEM;
3662 goto ss_err_exit;
3663 } else
3664 v2_response = kmalloc(16 + 64 /* blob*/,
3665 GFP_KERNEL);
3666 if (v2_response) {
3667 CalcNTLMv2_response(pSesInfo,
3668 v2_response);
3669 /* if (first_time)
3670 cifs_calculate_ntlmv2_mac_key */
3671 kfree(v2_response);
3672 /* BB Put dummy sig in SessSetup PDU? */
3673 } else {
3674 rc = -ENOMEM;
3675 goto ss_err_exit;
3676 }
3677
3678 } else {
3679 SMBNTencrypt(pSesInfo->password,
3680 server->cryptKey,
3681 ntlm_session_key);
3682
3683 if (first_time)
3684 cifs_calculate_mac_key(
3685 &server->mac_signing_key,
3686 ntlm_session_key,
3687 pSesInfo->password);
3688 }
3689 /* for better security the weaker lanman hash not sent
3690 in AuthSessSetup so we no longer calculate it */
3691
3692 rc = CIFSNTLMSSPAuthSessSetup(xid, pSesInfo,
3693 ntlm_session_key,
3694 ntlmv2_flag,
3695 nls_info);
3696 }
3697 } else { /* old style NTLM 0.12 session setup */
3698 SMBNTencrypt(pSesInfo->password, server->cryptKey,
3699 ntlm_session_key);
3700
3701 if (first_time)
3702 cifs_calculate_mac_key(&server->mac_signing_key,
3703 ntlm_session_key,
3704 pSesInfo->password);
3705
3706 rc = CIFSSessSetup(xid, pSesInfo, ntlm_session_key, nls_info);
3707 }
3708 if (rc) {
3709 cERROR(1, ("Send error in SessSetup = %d", rc));
3710 } else {
3711 cFYI(1, ("CIFS Session Established successfully"));
3712 spin_lock(&GlobalMid_Lock);
3713 pSesInfo->status = CifsGood;
3714 pSesInfo->need_reconnect = false;
3715 spin_unlock(&GlobalMid_Lock);
3716 }
3717
3718 ss_err_exit:
3719 return rc;
3720 }
3721
ubuntu-bionic-kernel mirror